AstroBin has a zero-tolerance policy against spam, and this means exceptional protection of user accounts

Unlike general-purpose social networks, where spam and inappropriate content are extremely common, you will find none of it on AstroBin. This is achieved thanks to a few measures:

  • Images, comments, and forum posts by new users and unpaid accounts go through a moderation queue. Large social networks cannot moderate millions of posts per day, so they rely on users reporting the spam instead. AstroBin is, of course, very small compared to them, so this works well.

  • User accounts are held to a high standard of password security. AstroBin enforces strong passwords upon signing up:

    • Your password can't be too similar to your other personal information (e.g. username, first/last name, email).

    • Your password must contain at least 8 characters.

    • Your password can't be a commonly used password (e.g. “password1234”).

    • Your password can't be entirely numeric.

    • Your password must contain at least one number.

    • Your password must contain a punctuation character.

    • Your password can't have appeared in an online data breach from other websites.

  • AstroBin offers optional 2FA (two-factor authentication) via token generator or email-based one-time password.

  • All passwords are stored as hashes, which is a cryptographic technique that prevents password theft, and all communication between your browser and AstroBin's servers happens via SSL (Secure Sockets Layer), so it's impossible to steal your password with a man-in-the-middle attack.

  • AstroBin does not store your credit card details when you make a payment.

You might think that this is as strong as your online banking and that it's overkill for a site that doesn't hold any sensitive data. The reason why AstroBin has such high security standards is that if your account is compromised because of a weak password, then it can be used to post spam, pornography, or phishing content that can be harmful to other users.

We want AstroBin to be clean and safe at all times.


What is an OTP token and why am I getting a request for one when I attempt to log in?

If you didn't explicitly set up two-factor authentication on AstroBin (in which case we assume you wouldn't ask this question), then there are two possible reasons why AstroBin is requesting a “token” when you attempt to log in:

  1. AstroBin detected that your password does not meet the security requirements explained above.

    If your password is considered weak, or you used it on multiple websites and it leaked from one of the others and it's present in a leaked password database, then AstroBin needs to prevent a malicious party from gaining access to your account.

    To do so, it sends you an email with a one-time password (OTP) token.
    Therefore, a hacker trying to steal your account would need to have access to your email as well as your AstroBin password. This is called two-factor authentication.


    Please check your email (spam folder too) for an authentication token from AstroBin: it sends you one as you attempt to log in so it should be with you within a few minutes.

    If you don't have access to your email either, please contact us so we can verify your identity another way (see below).

  2. AstroBin detected that you attempted to log in from a country different than the one you were seen in last time.

    To make sure it's really you, in this case we also force two-factor authentication on your account.

If your password is not compliant with AstroBin's security requirements, and you don't want to be forced to enter an additional email verification token each time you log in, please change your password as soon as possible. Then you will be able to disable two-factor authentication.
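
The sign-up rules and the two login triggers described above can be expressed as one check, shown here as an added example that is not AstroBin's own code. The word lists, the breach set, the similarity cut-offs and all function names are assumptions made for illustration.

```python
import difflib
import hashlib
import re
import string

# Constructed sample data; a real deployment would use large curated lists.
COMMON_PASSWORDS = {"password1234", "qwerty123!", "letmein1!"}
# SHA-1 is only a lookup key into the constructed breach set here,
# not a way to store passwords.
BREACHED_SHA1 = {hashlib.sha1(p.encode()).hexdigest()
                 for p in ("Summer2022!", "Astro#2019")}


def _similar(password, personal_info):
    """True if the password contains or closely resembles a personal value."""
    pw = password.lower()
    for value in personal_info:
        # Compare the whole value and its parts (e.g. the pieces of an email).
        for part in [value.lower()] + re.split(r"\W+", value.lower()):
            # Length 4 and ratio 0.7 are assumed cut-offs, not from the page.
            if len(part) >= 4 and (part in pw or difflib.SequenceMatcher(
                    None, pw, part).ratio() >= 0.7):
                return True
    return False


def password_problems(password, personal_info=()):
    """Return which of the seven sign-up rules the password breaks."""
    checks = [
        ("similar_to_personal_info", _similar(password, personal_info)),
        ("too_short", len(password) < 8),
        ("common", password.lower() in COMMON_PASSWORDS),
        ("entirely_numeric", password.isdigit()),
        ("no_number", not any(c.isdigit() for c in password)),
        ("no_punctuation", not any(c in string.punctuation for c in password)),
        ("breached", hashlib.sha1(password.encode()).hexdigest() in BREACHED_SHA1),
    ]
    return [name for name, broken in checks if broken]


def step_up_reasons(password, personal_info, last_country, current_country):
    """Reasons to demand an emailed OTP for this login (empty list = none).

    Runs at login, the only moment the submitted plaintext is available;
    a stored hash cannot be tested against these rules.
    """
    reasons = []
    if password_problems(password, personal_info):
        reasons.append("weak_password")
    if last_country is not None and current_country != last_country:
        reasons.append("new_country")
    return reasons
```
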

How can I disable two-factor authentication?

You can disable it in your settings: disable two-factor authentication. Keep in mind, though, that if you signed up to AstroBin before January 30th, 2023, and your password does not meet the security requirements above, AstroBin will automatically enable two-factor authentication on your account again. So if that happens, please change your password as soon as possible.

I am locked out of my account because my email address on AstroBin is no longer current, help!

To grant you access to your account again, AstroBin needs to verify your identity as the owner of the account, in order to prevent account theft.

As you can't access the email address currently associated with your AstroBin account, and you cannot log in to send a private message to an administrator, the following additional methods are available to you (in order of security):

  • If you have paid for a subscription via credit card in the past, please send us the last 4 digits of the card you used

  • If you have paid for a subscription via PayPal in the past, please send us the transaction ID of your most recent payment

  • If you have images on AstroBin, and these images have equipment items associated with them, and you still own these equipment items, please send us pictures of at least two equipment items with a piece of paper that shows today's date

  • If your real name appears in your AstroBin username, or in the watermark of your images on AstroBin, please send us a copy of an identity document, and please cover all data except your name with your hand

If none of the methods above work for you, unfortunately we cannot restore access to your account.

 