FordFusionClub.com banner

1 - 20 of 21 Posts

·
FMV Admin
Joined
·
380 Posts
Discussion Starter #1
Hello all,

Over the next few days we will be implementing some changes to our forum password strength and password expiration policies. To make sure you continue having the best experience possible on the community, we regularly monitor the site and the Internet to keep everyone's account information safe. We've recently become aware of a potential risk to some accounts coming from outside of this community. Just to be safe, we are implementing the following changes to improve security even further:

1) We are asking everyone to change their passwords (and will force a one time reset). Along with every user on the forum, new passwords will need to be more complex, and can't be simple words (sorry, you can't have "fluffy" as your password anymore!). Please use a password unique to this community. Reusing passwords can expose your account indirectly when other websites (Twitter, Linkedin, Badoo, etc) are compromised; and

2) Your passwords will expire on a 365 day basis. When you login on the 366th day, you will have to change it.

We'll also be sending out an email to users to let them know about the changes, in upcoming weeks.

Thanks all,

Helena

Community Management
 

·
Super Moderator
Joined
·
1,205 Posts
Thanks Helena,

I'll use complex passwords and change them every 181 days on the forums where I'm a moderator and every 365 days on forums where I'm a regular user. :)
 

·
FMV Admin
Joined
·
380 Posts
Discussion Starter #4
Thanks Helena,

I'll use complex passwords and change them every 181 days on the forums where I'm a moderator and every 365 days on forums where I'm a regular user. :)
:D Thanks!

The system will force change your password, and when you log in to change it, it will provide you with a new criteria to make the passwords more complex and secure.

We'll keep you updated.

Thanks,
- JB
 

·
Super Moderator
Joined
·
1,205 Posts
Hmmm, got a new password notification in my E-Mail today which stated my password had been changed by the administrator; pretty funny. Why? Because the new password doesn't work; I logged out, tried the new password included in the E-Mail, fail, and then tried my original password (which worked).
 

·
Registered
Joined
·
1,783 Posts
I honestly am sick of sites changing forcing me to change my password because their password requirements have changed and this site is one of the worst I have seen!

Must be at least 10 characters
Must contain lower-case characters
Must contain upper-case characters
Must contain numbers
Must contain symbols

What kind of crack are the admins smoking!? All of the online banking sites I use have lower password requirements! This is just a forum, it contains no personal information whatsoever. For sites like this I generally try to keep a simple password and reuse it on multiple sites because I DON'T CARE if it gets hacked. If I care about an online account, like for banking, I make up a random password. Stop forcing these baseless changes down peoples throats!
 

·
Moderator
Joined
·
6,350 Posts
I honestly am sick of sites changing forcing me to change my password because their password requirements have changed and this site is one of the worst I have seen!

Must be at least 10 characters
Must contain lower-case characters
Must contain upper-case characters
Must contain numbers
Must contain symbols

What kind of crack are the admins smoking!? All of the online banking sites I use have lower password requirements! This is just a forum, it contains no personal information whatsoever. For sites like this I generally try to keep a simple password and reuse it on multiple sites because I DON'T CARE if it gets hacked. If I care about an online account, like for banking, I make up a random password. Stop forcing these baseless changes down peoples throats!
Yep. All of the VerticalScope forums (i.e. most of the automotive forums out there) just went to this bullshit. That's fine, I'll leave. Very strange reason to leave, but fnck it, I'm not going to come up with multiple new super-complex passwords just for them. And wtf, they don't even consider "_" to be a symbol. Pretty sure that's not a number OR a letter... so that must mean it is a symbol!

Like you said, I don't give a rats ass if my account is compromised, and if a hacker hasn't figured my password out he won't have found it out in the following year. Better security would be to lock an account after 10 attempted logins or something. Now I'm a moderator here, so I agree, I shouldn't have a password like "password" but these password requirements are just retarded.

And finally... when forums are hacked it is because there is a vulnerability in the forum software, and because management didn't keep it up to date, not because JohnDoe didn't use a strong enough password. If the hacker needs access to an account, he will create a new account, and hack the forum from there.

I'll give the VerticalScope geniuses a week to fix it, and if they don't I'll just head off to a forum with non-retarded management.


-edit-
LOL spambots clearly don't mind the new rules!
 

Attachments

·
Registered
Joined
·
1,783 Posts
That's horrible. Do bots now have a way around captchas because I though that usually stopped them.

In protest of this password BS I'm not changing mine from the one they emailed to me and that email is sitting in an account with a horrible password.
If you aren't going to stick around could you post some email addresses for these "VerticalScope geniuses" so I and others can give them a piece of our minds?:twisted:
 

·
Registered
Joined
·
12 Posts
I logged on with the password I received in the email (which I will never remember) and found out I can change it once I've logged on Grrrrr
 

·
Super Moderator
Joined
·
1,205 Posts
That's horrible. Do bots now have a way around captchas because I though that usually stopped them.
I'm a moderator on a few different sites and captchas do help, a bit, but there are definitely ways around them. On one site we were clobbered with an organized spambot attack with up to 60 new spam IDs per day at its peak; the attack lasted over a year and a half and totaled some 6,000+ spam IDs, all of which were summarily banned.
 

·
Registered
Joined
·
1,783 Posts
What about IP bans? One forum I'm on kept getting hacked/spammed. The owner/admin traced all the IP's back to Russia. Since he saw no other traffic from Russian IP's he IP banned the entire country, problem solved.
 

·
Super Moderator
Joined
·
1,205 Posts
What about IP bans? One forum I'm on we kept getting hacked/spammed. The owner/admin traced all the IP's back to Russia. Since he saw no other traffic from Russian IP's he IP banned the entire country, problem solved.
This was a particularly diverse spambot attack; by the time it finally died off about a year ago the zombie machines hailed from over 1,000 different IP address ranges (the ranges were typically in the first two octet class, i.e. something 117.123.x.x). We did end up blocking several dozen ranges, however, due to the sophistication of the attack, the zombies "appeared" to be running from regular users all across the globe; most of which were in the U.S. and Canada and otherwise unknown sources of spambot activity.
 

·
Moderator
Joined
·
6,350 Posts
In protest of this password BS I'm not changing mine from the one they emailed to me and that email is sitting in an account with a horrible password.
If you aren't going to stick around could you post some email addresses for these "VerticalScope geniuses" so I and others can give them a piece of our minds?:twisted:
VerticalScope.com

Good luck lol, I'm sure they're very open to receiving criticism. Better bet is just get as many people on here to protest the stupidity, and maybe the people in charge of this forum can relay the feedback to the mothership.
 

·
Registered
Joined
·
652 Posts
Damn fellas, a lot of you mothaphuckas are cranky. Just change the PW to your liking and call it a wrap. Leave all this moaning and complaining to the wifeys or girlfriends and move on. So anyways, what good movie is out in theaters right now?

Sent from my Nexus 6P using Tapatalk
 

·
Registered
Joined
·
1,783 Posts
So, this password thing has to do about a data breach. Rather than tell us about the data breach in the first place they make us change our passwords and then tell out about the breach even though password strength had nothing to do with the breach... Some grade A intelligence at work here.
 

·
Moderator
Joined
·
6,350 Posts
So, this password thing has to do about a data breach. Rather than tell us about the data breach in the first place they make us change our passwords and then tell out about the breach even though password strength had nothing to do with the breach... Some grade A intelligence at work here.
Yeah...
And so my point is underlined. If the passwords are stolen, it makes no difference if the password is "password" or if the password is 2i34u88fj0#*3k. They have your password either way.
 

·
Registered
Joined
·
35 Posts
It's a good thing that security is being taken seriously. I must mention my shock though, at logging in and having firefox warn me that my password will be sent in plain text..... No HTTPS???
 
1 - 20 of 21 Posts
Top