Warning - use good secure passwords (and MFA) on Pavlovia

Warning: Pavlovia passwords
Over 16-17 Jan 2026 there was a clear, but unsuccessful, attempt to access user accounts by guessing passwords. There are no signs that any data were accessed as a result, but this is a good reminder to use a good password, and we strongly recommend you turn on multi-factor (phone) authentication. It’s very easy at Sign in · GitLab

Original post:

Warning: Pavlovia passwords

There have been clear attempts on 16-17 Jan 2026 to gain access to people’s logins on Pavlovia. A lot of accounts had to be temporarily locked due to too many failed password attempts. The attempts were just guesses, hoping to find a user that had set their password to 1234 or similar. There is no sign that they were successful in gaining access to anyone’s account and the attempt has stopped, but this is a good time to remind users that password security is important!

We really recommend you turn on multi-factor (phone) authentication. It’s very easy at Sign in · GitLab

Update on this: the would-be hackers continued the attempt to find weak passwords for about 24 hours and then appear to have given up. We’ve checked for suspicious activity from any “sign-ins from new locations” and there is no sign that any data were accessed by the attempt.

But, to reiterate, this is a good reminder to use strong passwords and turn on MFA in your account settings.

Thanks all for your vigilance,
Jon