Attention - Password and Security Update
Page 1 of 5 123 ... LastLast
Results 1 to 10 of 47

Thread: Attention - Password and Security Update

  1. #1
    Administrator cmfadmin's Avatar
    Join Date
    Oct 2008
    Posts
    347

    Lightbulb Attention - Password and Security Update

    Hey all,

    Over the next few days we will be implementing some changes to our forum password strength and password expiration policies. To make sure you continue having the best experience possible on the community, we regularly monitor the site and the Internet to keep everyone's account information safe. We've recently become aware of a potential risk to some accounts coming from outside of this community. Just to be safe, we are implementing the following changes to improve security even further:

    1) We are asking everyone to change their passwords (and will force a one time reset). Along with every user on the forum, new passwords will need to be more complex, and can't be simple words (sorry, you can't have "fluffy" as your password anymore!). Please use a password unique to this community. Reusing passwords can expose your account indirectly when other websites (Twitter, Linkedin, Badoo, etc) are compromised; and

    2) Your passwords will expire on a 365 day basis. When you login on the 366th day, you will have to change it.

    We'll also be sending out an email to users to let them know about the changes, in upcoming weeks.

    Thanks all,
    Helena
    Community Management

  2. #2
    Senior Member humble_pie's Avatar
    Join Date
    Jun 2009
    Posts
    11,230
    Quote Originally Posted by cmfadmin View Post
    We are asking everyone to change their passwords (and will force a one time reset). Along with every user on the forum, new passwords will need to be more complex, and can't be simple words (sorry, you can't have "fluffy" as your password anymore!)

    wondering when is the change-password date? like, if we change passwords now, will we have to change them again when you announce your change-password reset date?

    how many characters will the maximum new password allow? will there be UC & LC as usual, along with arabic numbers?

    thankx for considering these questions
    ''bonté gracieuse et toute cette sorte de chose" - Astérix chez les bretons]

  3. #3
    Senior Member
    Join Date
    Oct 2013
    Posts
    588
    Helena, why? "to be safe" how?

    These forums are strictly chat rooms - there is no real possibility of identity theft or financial risk. Why, logically, should these passwords ever expire, or be complex, or be unique to the community?

  4. Remove Advertisements
    CanadianMoneyForum.com
    Advertisements
     

  5. #4
    Senior Member
    Join Date
    Aug 2013
    Posts
    333
    What if..
    You used the same user name /password somewhere else?
    This was a big data breach

    http://www.techinvestornews.com%2FTe...ech-sports-for

  6. #5
    Senior Member
    Join Date
    Jan 2011
    Location
    North of Montana
    Posts
    380
    I'm responsible for my presence on the net. I suspect I've forgotten more about IT Security than the admins will ever know. If my password expires, so do I. Unless you can tell us that our data has been compromised by a third party or what exactly these risks are, you are just trying to look concerned (about 20 years too late).

  7. #6
    Senior Member
    Join Date
    Mar 2012
    Posts
    3,229
    Does this have anything to do with the sudden change?

    http://www.zdnet.com/article/hacker-...sports-forums/
    I'm not JustAGuy (without spaces), or Donald, or <insert name here>.

  8. #7
    Member
    Join Date
    Apr 2016
    Posts
    32
    There's marginal value to the forum in that spammers might find it a tiny bit harder to appropriate accounts and post spam. There's less value to the users of the forum since I doubt the majority of accounts have much (or any) personal information attached to them.

    The big downside is adding password complexity rules and making them expire means people are less likely to memorize their passwords so they write them down on a note and tuck the note under the keyboard. Then anybody who has access to the keyboard has access to the account.

    Better to add password guidelines (not rules) and allow people to choose passwords they can easily memorize.

  9. #8
    Senior Member humble_pie's Avatar
    Join Date
    Jun 2009
    Posts
    11,230
    Quote Originally Posted by Just a Guy View Post
    Does this have anything to do with the sudden change?

    http://www.zdnet.com/article/hacker-...sports-forums/

    bingo

    everybody should read this link

    good for you Just a Guy
    ''bonté gracieuse et toute cette sorte de chose" - Astérix chez les bretons]

  10. #9
    Senior Member
    Join Date
    May 2009
    Location
    Central Ontario
    Posts
    789
    Yeah, encripted passwords that only use up to 8 lower case characters will be broken by brute force methods pretty fast. I wonder if anyone more up on this can comment? james4beach perhaps?
    So many sailboats, so little time.

  11. #10
    Senior Member
    Join Date
    May 2009
    Location
    Central Ontario
    Posts
    789
    Hi:

    Interesting that I think 7 of the last 10 people to visit my profile are people that have never posted a single post here. I am assuming that all 7 are here solely to hunt for personal data. I invite others to check their profile pages also to perhaps lend credence to my suspicions.

    hboy43
    So many sailboats, so little time.

Page 1 of 5 123 ... LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •