Howdy! AssertNull here. I just created a new account. I'm not engaging in sock-puppetry here and you won't find 100 upvotes and comments about how helpful AssertNull is in answering questions and I won't be answering programming questions under this account if I can help it. The other account is Ben_21 (side note: I never typed in Ben_21 for the user name. I typed in Ben Richards of Running Man fame. What happened?) There is a point to this, however. I've been getting contacted/spammed under my Gmail account associated with AssertNull, so I've created a throwaway Gmail account to start anew with forums, etc. Note: I'm not accusing Daniweb of spamming me. I know it's not Daniweb. I'm just pointing out that the underlying Gmail account is the same. I'm hoping that the Daniweb mods/admins or anyone who understands forums can answer a few generic forum questions to help me tighten up my online security.
Let's say AssertNull has Gmail account email@example.com and he used this account to register for Daniweb/Dazah. This is my main e-mail account that I give out to friends, family, etc., not a throwaway account. Let's say firstname.lastname@example.org is a throwaway account used solely for online forums and Ben_21 used this account to sign up for Daniweb. When email@example.com was created, Gmail asked for a backup account and phone number in case you lose your password. Let's say I typed in my real phone number and firstname.lastname@example.org as those backups when creating email@example.com.
My question is this. Can Daniweb (or any other forum or anyone who knows about firstname.lastname@example.org) figure out that email@example.com exists and is controlled by the same person who controls firstname.lastname@example.org? Does registering for Daniweb (or anywhere else) using email@example.com allow Daniweb to figure out who my firstname.lastname@example.org contacts are? More importantly, if email@example.com is compromised, does that compromise firstname.lastname@example.org? email@example.com is the important one with real human contacts that I don't want pestered. firstname.lastname@example.org is, as mentioned, a throwaway.
I had a security breach very likely stemming from someone abusing my registration info (to repeat, not Daniweb) and I'm doing damage control. In particular, I haven't been particularly good about creating different passwords for all accounts, so if my forum account's password is "1234", I assume some hash of "1234" is kept in the forum's database for authentication, so the bad guy has access to that hash value? Suppose email@example.com had password "1234" as well. Could the bad guy use that hash to break into firstname.lastname@example.org?