ProtoNode A Social Programming Environment
Login Security Tips
Remember to follow our Secure Login Guide to make sure you know how to tell when some other website is pretending to be us.

We offer the latest in website protection measures such as extra security features for logging in besides just mandatory HTTPS. For starters we let you add a "+label" to the end of your username when logging in. This makes it easier for you to track your login history. The label should contain the location of the untrusted computer you are using. When using a label with your login you can also enable a special mode which lets you scramble your password and prevents that same modified password from working more than once. Not only is it a single use password but you can also track the IP address of anyone who tried to use it. You just add extra random letters into your password as you type it. No more than 10 to keep things fast. You will need to make sure that your real password looks random enough to begin with because adding extra characters to obvious words will not prevent a smart hacker from deciphering your actual password.

How to randomize your password to make it only work once
If your username is "user1" and your password is "Xo9ty*sn" then you can login more safely from an untrusted device by typing your username as "user1+library" and your password as "pX6bof98tJfy*^skn", where the characters in red were chosen at random.

If anyone tries to remove a few characters from your password they will likely remove a required character, or they will not remove enough of the random characters and will get busted for reusing a password similar to one you already used. As a bonus, if you accidentally add extra characters into your password you won't notice and you won't have to try again. However if you add the same characters again you will not be logged in and it will trigger a warning. After you login you should review your login history and look for suspicious login attempts. If you see anything you were not expecting, or if it has been a while, you should change your password. Remember that password resets are done using your verified email address so you should also change that password often.

You must enable this feature in your settings for it to work. This is because it is easier for an attacker to test against many passwords using fuzzy matching. For example, "password_123", "pasword_123456", "password_024680", etc... can all be checked using this one guess: "password_01234567890". This is another reason why it is so important to choose a very random password that doesn't fit a pattern.