StromTrooper banner

1 - 20 of 63 Posts

·
Administrator
Joined
·
1,128 Posts
Discussion Starter #1
Hello all,

Over the next few days we will be implementing some changes to our forum password strength and password expiration policies. To make sure you continue having the best experience possible on the community, we regularly monitor the site and the Internet to keep everyone's account information safe. We've recently become aware of a potential risk to some accounts coming from outside of this community. Just to be safe, we are implementing the following changes to improve security even further:

1) We are asking everyone to change their passwords (and will force a one time reset). Along with every user on the forum, new passwords will need to be more complex, and can't be simple words (sorry, you can't have "fluffy" as your password anymore!). Please use a password unique to this community. Reusing passwords can expose your account indirectly when other websites (Twitter, Linkedin, Badoo, etc) are compromised; and

2) Your passwords will expire on a 365 day basis. When you login on the 366th day, you will have to change it.

We'll also be sending out an email to users to let them know about the changes, in upcoming weeks.

Thanks all,

Helena

Community Managemen
 

·
Registered
Joined
·
809 Posts
not fully registered

I reset my password and email but never received the email to complete the verification (I checked my spam folder). Can you resend the verification email? Thanks.
 

·
FORUM GODFATHER.....R.I.P. PAT
Joined
·
38,049 Posts
I upgraded your status.
 

·
FORUM GODFATHER.....R.I.P. PAT
Joined
·
38,049 Posts
I just received my notification of my password change and a PM from another member. This is a legitimate step. The e-mail is genuine. Follow the instructions to keep your membership. Make sure your e-mail address is current.
 

·
Premium Member
Joined
·
215 Posts
I just received my notification of my password change and a PM from another member. This is a legitimate step. The e-mail is genuine. Follow the instructions to keep your membership. Make sure your e-mail address is current.
Your new password from the admins might have a period as the first character. Don't miss it. I did, and blew through my 5 log-in attempts before I realized what was going on. Doh!
 

·
Registered
Joined
·
112 Posts
I understand the need.


But how many multi-forum users do you think have to write down a new 10-character, upper/lower, number laden, special character password, unique to Stromtroopers?
It kind of defeats the purpose ...
 

·
Registered
Joined
·
2,699 Posts
What are the password rules??

10 characters etc as per the instructions don't do it. Actually there is no feedback, just all fields become blank.

This seems to be not working, at least not at the moment.
 

·
Registered
Joined
·
2,019 Posts
Why the necessity for 10 charictors, upper and lower case, symbols and numbers on a motorcycle forum? If the site gets hacked again, the requirements will be irrelevant.
 

·
Registered
Joined
·
303 Posts
Its a pita

But how many multi-forum users do you think have to write down a new 10-character, upper/lower, number laden, special character password, unique to Stromtroopers?
It kind of defeats the purpose ...
Exactly..lets say that every website to which a random subscriber might belong (lets GUESS 16 for example) decided to pull this.

These crazy NEW ["unique"] requirements defy anyone's REMEMBERING their various SIGN IN passwords (times 16) so they have to be either 1. WRITTEN DOWN or 2. all lodged in a Program which REMEMBERS them ALL for convenience sake.

That said, WRITTEN LIST may be found by others and the "REMEMBER" programs are ALL SUCCEPTIBLE to being CRACKED [but THANKS for consolidating them all IN ONE PLACE to make it easier for the CODEBREAKERS]

I've been dealing with computers for 35 years and have NEVER had one of my PASSWORDS cracked, but thanks for HELPING :furious:
 

·
Registered
Joined
·
19 Posts
Any perceived security enhancement is immediately lost when you email the new passwords out in pain text! WOW! That's one of the WORST things you can do...
 

·
Registered
Joined
·
13 Posts
I went through and changed all my Verticalscope accounts when I heard about the hack. I had a nice strong unique randomly generated password from my password manager and thought I was done. Now my password has been reset to something shorter that's been sent in plain text. Weeeee I just reset it again to something nice and strong.


If you don't have a password manager, get one now!
 

·
Registered
Joined
·
4,289 Posts
Nine years here without a problem, never had my simple but unique password hacked... now we have to do this BS.

I can see this, and many other internet Forums losing members due to this stuff.. it is easier to just be part of interest groups on Facebook these days.

This is a bike forum, not a Government security agency... simple passwords of our choosing worked just fine.

Regards,
Bond, James Bond 007.. (might as well have a cool spy handle if I'm going to have to log in like a secret agent) :grin2:
 

·
Registered
Joined
·
1,366 Posts
The people who hit forums aren't after your bike stories. What they're after is password and email combinations, and they collect those en mass when they get access to a forum back end. Those are used to both hit banks and other forums digging for more information, as well as to add to password lists. Those lists are then used for automated log-in attempts against other email addresses as well as to perform brute force attacks on encrypted documents and data streams that have been harvested and intercepted. Much of this is done by automated systems, so it's not as though specific individuals are being targeted, that comes later if someone is deemed to be a 'high value target' ie known serving military personnel (higher rank equals higher value), elected members of government, high ranking public servants ... that kind of thing.

I'd already updated my password on this site after the breach but before the reset, so having to do it again was slightly annoying but not exactly catastrophic.
 

·
Registered
Joined
·
4,289 Posts
The people who hit forums aren't after your bike stories. What they're after is password and email combinations, and they collect those en mass when they get access to a forum back end. Those are used to both hit banks and other forums digging for more information, as well as to add to password lists. Those lists are then used for automated log-in attempts against other email addresses as well as to perform brute force attacks on encrypted documents and data streams that have been harvested and intercepted. Much of this is done by automated systems, so it's not as though specific individuals are being targeted, that comes later if someone is deemed to be a 'high value target' ie known serving military personnel (higher rank equals higher value), elected members of government, high ranking public servants ... that kind of thing.

I'd already updated my password on this site after the breach but before the reset, so having to do it again was slightly annoying but not exactly catastrophic.
So basically what you are saying is no passwords here are secure anyway, and my different/stupid/non related passwords I use for various passworded sites are probably as secure as any mumbo jumbo I've just had to create for this site.
 
1 - 20 of 63 Posts
Top