
Attention - Password and Security Update

#1 ·
Hello all,

Over the next few days we will be implementing some changes to our forum password strength and password expiration policies. To make sure you continue having the best experience possible on the community, we regularly monitor the site and the Internet to keep everyone's account information safe. We've recently become aware of a potential risk to some accounts coming from outside of this community. Just to be safe, we are implementing the following changes to improve security even further:

1) We are asking everyone to change their passwords (and will force a one-time reset). Along with every user on the forum, new passwords will need to be more complex, and can't be simple words (sorry, you can't have "fluffy" as your password anymore!). Please use a password unique to this community. Reusing passwords can expose your account indirectly when other websites (Twitter, LinkedIn, Badoo, etc.) are compromised; and

2) Your passwords will expire on a 365-day basis. When you log in on the 366th day, you will have to change it.

We'll also be sending out an email to users to let them know about the changes in the upcoming weeks.

Thanks all,

Helena

Community Management
 
#3 ·
I agree, it's a fucking snowboarding forum. I don't put my personal credit/banking info on here. If you can figure out my SSN and banking account numbers off of what is on this forum then you deserve to get them and I am a fuckwit for letting that happen.

Why not fix stuff that is a real user issue like how your advanced replies freeze up my computers and mobile devices every time I try to post a reply that isn't a quick one..... Or how when I hit post reply it double replies and kicks me to the "wait 60 second screen"......
 
#14 ·
We were only made aware of the issue a couple of weeks ago, and have been dealing with law enforcement as well as trying to figure out where the breach happened. We only knew it was a third-party plug-in that caused the issue. We also know that they do not have all passwords, which means they don't have the encryption, they are only figuring out people who use the same password across networks, or have an easy password.

Helena
 
#15 ·
Ok, a bit of a rant time here.

Firstly, seeing as this has made it to the press, you knew a lot more than you let on in the original post.

Secondly, don't try to pass off your being hacked onto your users who may be compromised by saying they used a 'weak' password.

Thirdly, you can brute force a salted MD5 password if you have the right equipment fairly easily. Now the fact there are 45M of them makes it quite a task, but it's certainly doable.

But here's the real reason you should have told us everything sooner. They have our email, and an encrypted password. There's likely quite a few people who have the same password on their email as they do for here. Even Hillary would be able to probably deduce that is bad.

Should you do that, no, but people do. And that is why a full disclosure, one that there was no evidence was even coming until I posted the above, was the right thing to do.
 
#18 ·
First thing I did is change my email password after they posted that. Foobar is right, your lack of clarity is fubar.

Still doesn't make our information on your servers any safer by making us have ridiculous passwords that rotate annually. There isn't much info on here but if someone got into my email it would be a bitch, not to mention people that use the Facebook login. Building a dam doesn't consist of tossing a rock in the river. You actually need to build a dam.
 
#20 ·
I hadn't really thought of the Facebook login as I don't use it, but I'm thinking those people are probably ok as it authenticates presumably with Facebook servers which weren't compromised (that we know of :) )

And I'm guessing that is why they say, "everyone's password wasn't taken". Well, ya, because they aren't handled on here.
 
#22 · (Edited)
OK,.. concerned & confused!

I'm not much of a computer, IT geek at all! (…the reason I've always liked Macs cuz you don't need to be!) :dunno: So much of this conversation is over my head.

The password I use for this forum is a random one and not just a simple word or phrase that could be easily figured out by some auto password hack. Also, my SBF pw is significantly different from most (but not all) of the pw I use for my important accounts. Accounts like my Email, business, and some online shopping, etc!

Should I be worried about the security of any of those accounts with this hack, whatever it is? :eek:

(….not to mention the YEARS of debauchery and effort I stand to lose if any of my Porn accounts are compromised!!!) ;) :rofl3: :laugh: >:)
 
#23 ·
Everyone calm down, take a deep breath and send me the following information, I will determine whether or not your accounts are safe:


1) Full name, address, SSN
2) Bank name, login, password
3) Online stock trading account, password
4) Credit card account(s), password(s)
5) snowboarding forum account, password


This is an exercise in interwebz safety. I will prepare a detailed report for you within 2-3 weeks.


>:)
 
#25 ·
Problem with how I've got things set up is, I use a basic password for sites like this one cause I have no sensitive data on here!!!!!

If I need to change it to a more complicated one, then it'll become similar to that where I have my info that I call "My Precious"!!!!!

It'll therefore be safer if I was not to bother renewin my activity on sites that force me to do so!!!!!

So, I guess this is a goodbye!!!!! :crying:
 
#26 · (Edited)
I stopped using my gmail acct because I forgot my password. Used hotmail instead.

Stopped posting on my aquatic plants forum because I forgot the password when I had to reinstall tapatalk. Now I just lurk haha

YouTube... it's saved on my phone and TV at home. Can't access it from anywhere else.....

But little by little, each time I'm able to log in on any of those sites I reset my password to the same I use everywhere, so little by little after a few yrs I'm recovering some lost accounts.

The hell with complicated passwords. Hackers don't know the people and they use a software to get your password. No computer software will guess my password is 00horrayforboobies00 with any more ease than frHsoe356jfHYhhsjj78210098.

Really. Websites... stop this shit.
 
#30 ·
Pass1234 is always a good one, no one ever gets hacked using that. Plus it meets the minimum requirements of 1 upper case letter, 1 lower case letter and 1 number. I use it everywhere although I am seriously considering changing to 00horrayforboobies00.
 
#31 ·
Personally, I don't think this is necessary. Maybe you could be putting your time into something else. I mean, how many people have had problems on this site on the subject of security?
 
#34 ·
Which is funny you say that considering you (admins) were not forthcoming in the original post. This is a forum I come to escape the hassles of reality and having some complicated password is ridiculous. Just another way you're slowly killing this forum IMO.
 