Go to https://www.audiosciencereview.com/forum/index.php?account/security and check under the Two Factor Authentication header. Never use text messages for authentication though, they can be spoofed. Use an app like Aegis or Authy, or use a hardware key like a Yubikey.How do you set up the 2 step within ASR?
Is this standard with the "+", does it apply everywhere???Also, adding a year and/or an exclamation mark at the end isn't going to save you.
Normally (if you're not a specific target) they just run the 10K most popular passwords (available to the public on GitHub) and a script that tries all the variations on those with capitals, numbers and special characters added. That's automated guessing and pretty fast, it'll give you some positives from a large database.
If you are a specific target because your account has greater value, trying to crack a password becomes an option. They'll try to brute-force all possible combinations of characters. On top of not being easy to guess, the length of a password now becomes important. Every extra character increases the number of possibilities exponentially. If we only count for letters, 26*10⁴ combinations are a lot faster to crunch than 26*10⁸. That's why passphrases are pretty effective if you need a long password that you can remember.
Control leaked e-mail. The easiest scam is just spamming a leaked e-mail address. No password involved. You can add a note to the e-mail adress you use to make an account. For example [email protected] has +asr added. The e-mail is still being delivered to [email protected]. However, if you get spam, you can see where is is directed to. If it is directed to +asr, ASR had willingly or unwillingly leaked your e-mail address. You can simply block all mail that's directed at the +asr combo, notify the sites owner and register a new e-mail (+asr2 for example) at the website.
For non specific targets, if your password is compromised as well, they'll likely try to login to your PayPal with the +asr e-mail. Even if your password isn't unique, that'll fail. But please, use unique passwords!
If you're the type of Audio enthousiast who has a NAS or home server to store their music, you can host your own Bitwarden server with Vaultwarden. This way your data is stored locally with open source software.
After changing my password I've checked my last messages to see if someone is selling cooking ware with my account.Unless you are like me, whose login is hijacked by someone who were selling equipment through my profile…