Over the next few days we will be implementing some changes to our forum password strength and password expiration policies. To make sure you continue having the best experience possible on the community, we regularly monitor the site and the Internet to keep everyone's account information safe. We've recently become aware of a potential risk to some accounts coming from outside of this community. Just to be safe, we are implementing the following changes to improve security even further:
1) We are asking everyone to change their passwords (and will force a one-time reset). Along with every user on the forum, new passwords will need to be more complex, and can't be simple words (sorry, you can't have "fluffy" as your password anymore!). Please use a password unique to this community. Reusing passwords can expose your account indirectly when other websites (Twitter, LinkedIn, Badoo, etc.) are compromised; and
2) Your passwords will expire on a 365-day basis. When you log in on the 366th day, you will have to change it.
We'll also be sending out an email to users to let them know about the changes, in upcoming weeks.
I wish you wouldn't do this. Your "more complex" requirements don't make accounts any safer from brute force attacks, they're just more of a pain in the ass for us to remember.
I agree, it's a fucking snowboarding forum. I don't put my personal credit/banking info on here. If you can figure out my SSN and banking account numbers off of what is on this forum then you deserve to get them and I am a fuckwit for letting that happen.
Why not fix stuff that is a real user issue like how your advanced replies freeze up my computers and mobile devices every time I try to post a reply that isn't a quick one..... Or how when I hit post reply it double replies and kicks me to the "wait 60 second screen"......
In all honesty it doesn't really matter as my browser remembers the credentials anyway. Other than the ideological, "why are you making more work for people who are here to escape work" argument it really doesn't matter much. To me at least.
While I'll still take the stance it really doesn't matter, I think a little bit of forthcoming would have been nice as to why this came about all of a sudden.
We were only made aware of the issue a couple of weeks ago, and have been dealing with law enforcement as well as trying to figure out where the breach happened. We only knew it was a third party plug-in that caused the issue. We also know that they do not have all passwords, which means they don't have the encryption, they are only figuring out people who use the same password across networks, or have an easy password.
Firstly, seeing as this has made it to the press you knew a lot more than you let on in the original post.
Secondly, don't try to pass off your being hacked onto your users who may be compromised by saying they used a 'weak' password.
Thirdly, you can brute force a salted MD5 password if you have the right equipment fairly easily. Now the fact there are 45M of them makes it quite a task, but it's certainly doable.
But here's the real reason you should have told us everything sooner. They have our email, and an encrypted password. There's likely quite a few people who have the same password on their email as they do for here. Even Hillary would be able to probably deduce that is bad.
Should you do that, no, but people do. And that is why a full disclosure, one that there was no evidence was even coming until I posted the above, was the right thing to do.
Can I get a sex reset also...so that I can refer to myself as "it" and "they" and refer to my masturbatory orgy in the third persons?..."We, the they Its are having a nice time!"
First thing I did is change my email password after they posted that. Foobar is right, your lack of clarity is fubar.
Still doesn't make our information on your servers any safer by making us have ridiculous passwords that rotate annually. There isn't much info on here but if someone got into my email it would be a bitch, not to mention people that use the Facebook login. Building a dam doesn't consist of tossing a rock in the river. You actually need to build a dam.
I hadn't really thought of the Facebook login as I don't use it, but I'm thinking those people are probably ok as it authenticates presumably with Facebook servers which weren't compromised (that we know of)
And I'm guessing that is why they say, "everyone's password wasn't taken". Well, ya, because they aren't handled on here.
I'm not much of a computer, IT geek at all! (…the reason I've always liked Macs cuz you don't need to be!) :dunno: So much of this conversation is over my head.
The password I use for this forum is a random one and not just a simple word or phrase that could be easily figured out by some auto password hack. Also, my SBF pw is significantly different from most (but not all) of the pw I use for my important accounts. Accounts like my Email, business, and some online shopping, etc!
Should I be worried about the security of any of those accounts with this hack, whatever it is?
(….not to mention the YEARS of debauchery and effort I stand to lose if any of my Porn accounts are compromised!!!) :rofl3: :laugh:
You do not need to change your passwords now, as you will be prompted when everything is implemented. I would wait till you are prompted, as you would have to change it again.
I stopped using my gmail acct because I forgot my password. Used hotmail instead.
Stopped posting on my aquatic plants forum because I forgot the password when I had to reinstall Tapatalk. Now I just lurk haha.
YouTube... it's saved on my phone and TV at home. Can't access it from anywhere else.....
But little by little, each time I'm able to login on any of those sites I reset my password to the same I use everywhere, so little by little after a few yrs I'm recovering some lost accounts.
The hell with complicated passwords. Hackers don't know the people and they use a software to get your password. No computer software will guess my password is 00horrayforboobies00 with any more ease than frHsoe356jfHYhhsjj78210098.
Pass1234 is always a good one, no one ever gets hacked using that. Plus it meets the minimum requirements of 1 upper case letter, 1 lower case letter and 1 number. I use it everywhere although I am seriously considering changing to 00horrayforboobies00.
Personally, I don't think this is necessary. Maybe you could be putting your time into something else. I mean how many people have had problems on this site on the subject of security?
While it might not be an issue for you, it could be for other users and we do encourage that others who use the same email/password combination to consider that if their emails and passwords get hacked, it can be used elsewhere.
Which is funny you say that considering you (admins) were not forthcoming in the original post. This is a forum I come to escape the hassles of reality and having some complicated password is ridiculous. Just another way you're slowly killing this forum IMO.
I agree. It is a hassle, but you can probably put the password on auto save, so you won't even need to type it in. As far as remembering it goes, just write it in your phone or something.
Snowboarding Forum - Snowboard Enthusiast Forums
1M posts
46.5K members
Since 2006
A forum community dedicated to all Snowboarding enthusiasts. Come join the discussion about equipment reviews, tips, traveling, gear troubleshooting, share photos, and more!