We've had an instance of a member's account being compromised - due to a weak password rather than any vulnerability of the site - so I thought a note on passwords is in order.
For the record: The site as a whole is backed up and protected, individual accounts are not. In the event that the whole site was compromised/brought down it would just be restored from a backup and business would continue as normal.
If someone accesses your account and deletes/edits your content as a logged in user it cannot be restored. If someone uses your account to create a large amount of spam content or messages the most viable solution at our end may be to delete the account to remove all offending content automatically.
As far as passwords go, they don't have to be nuclear launch codes but seemingly small additions increase the difficulty of cracking them exponentially. Some examples and thoughts on this:
Dictionary based passwords;
You'd be amazed how many people actually try to set their password as "password" or "secret" or something else painfully obvious. Obviously this isn't secure. If it's a common word or the kind of word you quickly came to when thinking of a password, it will quickly come to others as well. One practice for breaking into systems is to get a list of user accounts (your forum name which is publicly visible) and apply login attempts using a list of the 10 most commonly used passwords. Don't use one of them.
Using at least a mixture of letters and numbers is desirable, and if you want to "go nuclear" with your password, use mixed case and symbols. To give you an idea, the following number of combinations are possible using the characters listed.
Numeric passwords (0-9 only) e.g
456132;
1,000,000 combinations are possible. Not a small number but with persistence they can be broken. More often than not people choose sequential formats as well like 345678 which are tried first and easily found.
Alpha passwords (a-z only) e.g
ajbhgn;
308,915,776 combinations are possible.
Alphanumeric passwords (0-9 + letters a-z) e.g
f7rgh4.
2,176,782,336 combinations are possible. A short combination of letters and numbers should be no more difficult to remember than any of the above weaker options. This is my recommended format for choosing a password without...
Going nuclear;
Case sensitive alphanumeric passwords e.g.
F6hJ35
56,800,235,584 combinations are possible. Even better than the above.
Case sensitive alphanumeric passwords with symbols e.g.
b%7Xd(
689,869,781,056 combinations are possible.
Huge numbers of combinations and these are only using 6 character passwords. If your password is 8 or 10 or more characters the combinations start getting bigger than I care to type out.
You get the idea.
So if your password is currently "password" or "password1", go and change it.
See you on the firing line.
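The following is an added example, not part of the original post: a small Python check that reproduces the combination counts above for any password and flags the two weaknesses the post calls out, common passwords and sequential runs such as 345678. The `COMMON` list is a constructed sample, and the counts assume every character is chosen at random from the classes in use (32 ASCII symbols assumed for the symbol class).

```python
import string

# Constructed sample list for illustration; a real check would load a much
# larger list of known-common passwords.
COMMON = {"password", "password1", "secret", "123456", "qwerty"}

# Character classes and their sizes, matching the counts used in the post.
CLASSES = [
    (string.digits, 10),
    (string.ascii_lowercase, 26),
    (string.ascii_uppercase, 26),
    (string.punctuation, 32),
]

def alphabet_size(pw):
    """Sum the sizes of every character class the password draws from."""
    return sum(size for chars, size in CLASSES if any(c in chars for c in pw))

def combinations(pw):
    """Search space for a random password of this length and alphabet."""
    return alphabet_size(pw) ** len(pw)

def is_sequential(pw):
    """True for runs such as 345678, 654321 or abcdef."""
    if len(pw) < 3:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(pw, pw[1:])}
    return steps in ({1}, {-1})

def assess(pw):
    """Return (combinations, reasons the count overstates real strength)."""
    problems = []
    if pw.lower() in COMMON:
        problems.append("common password")
    if is_sequential(pw):
        problems.append("sequential characters")
    return combinations(pw), problems

if __name__ == "__main__":
    samples = ["456132", "345678", "ajbhgn", "f7rgh4", "F6hJ35", "b%7Xd(", "password1"]
    for pw in samples:
        count, problems = assess(pw)
        print(f"{pw!r:12} {count:>22,}  {', '.join(problems) or 'ok'}")
```

A flagged password is weak regardless of the combination count shown, because an attacker tries those candidates first rather than searching the whole space.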