pvwradtke

Hi, this is something that has been somewhat bothering me for a while. Whereas best practices tell us that we should use different passwords for different websites, I'm making sure to use a different password for the MRH website because, well, it's not a secure website. I'm not sure about the details on your hosting, but it'd be nice to add encryption and know that you can log in and be sure that no one sneaking on your network is going to see your password out in the open.

My two cents, of course, as I use a different password for MRH I'm "safe", and my highest risk (as anyone else) is someone "making posts on my behalf". But if someone uses the same password in MRH as in other websites, well, then this may be a problem.


Brazilian model railroading in Saint-Constant (Montreal area), Canada

HO scale and some N scale models - xTrkCad user

Reply 0
Russ Bellinis

I use the same password for a number of sites.

I use a totally different password & user name for any financial sites. I just don't see the point of using different user names & passwords for message boards where I'm not buying anything. I haven't bought anything from MRH other than DVDs from Joe at a national train show in person, but I would hope that the security for the sales site is better than the magazine message board.

Reply 0
joef

TMTV and MRH Store are full https

The TMTV site and the MRH Store site are full https. The problem with this site is the ads engine behind it. As soon as we move this site to full https, the ads engine will no longer serve ads for plain http sites. So we're pushing hobby vendors to get going. As of this July, we hope to move this site to full https -- but when we do, we will no longer be able to run ads for hobby vendors who are not yet on https -- and right now that's about 60% of our advertisers. It has to do with mixed media URLs. If you have content that comes from an http URL on an https page, it throws errors and/or will not display the content. So we have a bunch of update hurdles to get over before we can move this site. Believe me, we're very aware of the need to make the move, and we've moved the easier sites already. This one is next ...

Joe Fugate
Publisher, Model Railroad Hobbyist magazine

Reply 0
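Added example, not part of the original thread and not MRH's code: a small Python check that lists which references on an https page count as mixed content, the problem described in the post above. The sample page, host names and function names are constructed for illustration; the categories follow the W3C Mixed Content spec, where browsers refuse "blockable" fetches outright and retry "upgradeable" ones over https (older browsers showed them with a warning).

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# (tag, attribute) pairs that fetch a subresource, mapped to the category the
# W3C Mixed Content spec gives an http:// fetch made from an https:// page.
SUBRESOURCES = {
    ("script", "src"): "blockable", ("iframe", "src"): "blockable",
    ("link", "href"): "blockable", ("img", "src"): "upgradeable",
    ("audio", "src"): "upgradeable", ("video", "src"): "upgradeable",
}

# Constructed sample page; every host name in it is made up.
SAMPLE_PAGE = """<html><head>
<link rel="stylesheet" href="/theme.css">
<link rel="canonical" href="http://forum.example/thread/1">
<script src="http://ads.vendor-a.example/serve.js"></script>
</head><body>
<a href="http://vendor-b.example/"><img src="http://vendor-b.example/ad.jpg"></a>
<a href="http://vendor-c.example/"><img src="https://vendor-c.example/ad.jpg"></a>
<iframe src="//ads.vendor-d.example/frame.html"></iframe>
</body></html>"""

class MixedContentAudit(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (category, tag, absolute URL)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return  # rel=canonical and similar are not fetched as subresources
        for (t, attr), category in SUBRESOURCES.items():
            if t == tag and attrs.get(attr):
                # Resolve relative and protocol-relative (//host/...) references.
                url = urljoin(self.page_url, attrs[attr].strip())
                if urlsplit(url).scheme == "http":
                    self.findings.append((category, tag, url))

def audit(page_url, html):
    """Return the http:// subresources of an https:// page, in document order."""
    if urlsplit(page_url).scheme != "https":
        return []  # mixed content only arises on a page served over https
    parser = MixedContentAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings

if __name__ == "__main__":
    print(audit("https://forum.example/thread/1", SAMPLE_PAGE))
```

Plain `<a href>` links to http sites are navigation rather than subresources, so the audit does not report them; only the script and the banner image fetched over http are listed.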
Virginian and Lake Erie

Color me not worried about

Color me not worried about security on a message board. When I make purchases I use a credit card and the credit card folks are the ones on the hook for any stolen info. I never use bank accounts on line nor do I have electronic links to my accounts. If they get hacked it will be via the bank and not me so the bank will need to deal with it.

Reply 0
joef

Keeping your passwords secure

Best practice is to get and use a password vault app. We use Dashlane here at the MRH HQ.

With a password vault app, you can have a bazillion passwords all different and it's quite painless. You can also use the vault software to generate gibberish passwords that NOBODY will ever be able to guess, and yet you can retrieve them if needed using a complex master password.

Another of those web savvy tricks for those who know something about the web: password vault apps.

Joe Fugate
Publisher, Model Railroad Hobbyist magazine

Reply 0
peter-f

Password = "password"

I'm with Russ... simple conversational sites get the same (not so easy) password...

My email?  different, as are financials, vendors (sometimes I forget those and re-validate them), medical, insurance, and other "none of your business" sites.

I draw upon a theme..(Mel Brooks movies) and make a password related to something he presented in his body of work... 

Railroad sites?-> Blazing saddles -> "Rock Ridge" 

Doctor?  -> Young Frankenstein ->    --- oops, too obvious,   try:  High Anxiety.

- a password vault is (IMO) recorded ON a computer... thus, (a long shot, but) still subject to a hacking.

You CAN have Fun with this!

- regards

Peter

Reply 0
Greg Williams GregW66

The threat is real

I have pretty good web security protocols. However, I use my credit card extensively online and have never had a problem until I did an order from a model railroad manufacturer who did not have a secure website. Within hours of placing my order, my credit card company alerted me to suspicious activity on my card. It is easy enough to replace the card but it does cause some inconvenience. So, to you model railroad advertisers here, if you want our business, take the time and go to the expense of getting the security. 

The only disappointing thing in this is that I alerted the company in question and encouraged the security protocols but my email was met with silence. 

Greg Williams
Superintendent - Eastern Canada Division - NMRA
Reply 0
pvwradtke

Thanks Joe

Good reason there, and I'm glad that you guys are looking out for those details. I recall the MRH store is HTTPS, so at least the part that requires a secure connection is safe. I hear what you say about vendors not using HTTPS; I've already turned down a few websites for not having any encryption on their pages.


Brazilian model railroading in Saint-Constant (Montreal area), Canada

HO scale and some N scale models - xTrkCad user

Reply 0
ctclibby

Sites and Passwords

My $0.02 - Just like everything else in this world today - magnification abounds and stuff is blown out of proportion. There is no reason whatsoever to have a secure site that shows pictures, movies and/or text. Now that said .. ANY login needs to be secure, and in the case of the forums, ya don't want to show any email or personal information. I ALWAYS check any login for 'https'; and even if the site has NOT renewed its certificates, the connection still is encrypted; and ya get warnings from your browser. To me, any virtual storefront needs to be encrypted as I don't really want folks sniffing data streams looking for stuff that I have put in my shopping cart and thinking of buying; let alone my V/MC information. If you really think about it, sniffing via wireless and an unsecure wireless hot spot happens probably more than we care to know, although pretty slim if you are dealing with stuff using your home wired internet connection.

Keep up the good work Joe!

I take pictures and leave footfalls

on railroad property that is not mine

although I treat it as such.

Reply 0