Ford Muscle Cars Tech Forum banner

1 - 8 of 8 Posts

·
Site Admin
Joined
·
344 Posts
Discussion Starter #1
Hello all,

Over the next few days we will be implementing some changes to our forum password strength and password expiration policies. To make sure you continue having the best experience possible on the community, we regularly monitor the site and the Internet to keep everyone's account information safe. We've recently become aware of a potential risk to some accounts coming from outside of this community. Just to be safe, we are implementing the following changes to improve security even further:

1) We are asking everyone to change their passwords (and will force a one time reset). Along with every user on the forum, new passwords will need to be more complex, and can't be simple words (sorry, you can't have "fluffy" as your password anymore!). Please use a password unique to this community. Reusing passwords can expose your account indirectly when other websites (Twitter, Linkedin, Badoo, etc) are compromised; and

2) Your passwords will expire on a 365 day basis. When you login on the 366th day, you will have to change it.

We'll also be sending out an email to users to let them know about the changes, in upcoming weeks.

Thanks all,

Helena

Community Management
 

·
Registered
Joined
·
10,299 Posts
If I change it now to something even stronger (caps, symbols, numbers, etc.), will I have to do it again as part of the reset anyway?

David
 

·
Site Admin
Joined
·
344 Posts
Discussion Starter #3
hey there!

You do not need to change your passwords now, As you will be prompted when everything is implemented. I would wait till you are prompted, as you would have to change it again.

~Shane
 

·
Premium Member
Joined
·
3,336 Posts
I am a bit more worried about this messup than passwords... keeping hackers out of OUR forum posting/posing seems kinda .001% of a worry comared to all the other (ip/email/name/likely similar passwords that could easily allow spoofing for more 'real' reason hackers do what they do- identity theft and similar)
first concern- what are 'hashed passwords'?
thats the 'biggie' that got out, but i dont know what it means.

I have two questions for the admins to consider- possibly pass upstream:

1) wouldnt it be a un-loseable case for VerticalScope to file a suit against LeakedSource.com? they are selling stolen data on that site- its not like a napster argueable thing about 'sharing'- the theft is no good for anything more than malicious reasons. sue the **** out of them, get their recrds and sue anyone that accessed others data thru them...i'm sure you could find a law firm that would do it on contingency- heck, let them have 100%...Vertical scope lost only trust in this theft- all us users are the ones put at risk, please consider turning the tables on these thieving idiots.

2) what is vertical scopes password stuff going to do about preventing future stuff like this? the folks that would steal this info dont want to edit our posts- know what i mean? guaranteed they want our IP to spoof, our email and password tendencies so they can imitate or simpler yet hack banking/paypal type sites. the forum issue is nothing compared to what damage has already been done... while part of me would love to scream at VerticalScope about this breach, I know hackers are getting better at it- and i wouldnt doubt a microsoft hole allowed it.

lastly, I really think it might be 'nice' for VerticalScope to add emphasis to the forum attention thing:
EVERYONE IN HERE- I'D SUGGEST GETTING A PIECE OF PAPER AND CHANGE PASSWORDS ON EVERY SITE INVOLVING POSSIBLE MONEY IF YOU USE SIMILAR PASSWORDS.

getting ahold of cash is the only reason hackers/****ty sites like leakeddata sell this stuff- so idiots with little knowledge can try to call themselves 'hackers' by seeing password similarities... even the number of characters would give them a tool to limit tries... go random- pick a page out of a book for words, throw dice for truly random number generation, use that for random spacing between letters to drop in random characters...random truncation of words, random length(i think thats maybe one of the biggest) the type of thing a hacker couldnt ever write a program to try and sort patterns from...
 

·
Site Admin
Joined
·
344 Posts
Discussion Starter #5
hey there,

we have patched our end of the breach already. these further password changes are to increase and protect users from any further damage. the leakedsource data is a snatch & grab of data. all dictionary script pick ups mostly.

once users and team member passwords are changed, it would be little more then just a wall of text at that point. thats why its important we make these changes.

they could sell all the data in the world. but if that data changes on the other end. it would just be like trying to find a ripe strawberry 4 months before harvest season. basically, a pain to comb a field for just a few that may or may not of been changed.

hope that helps to bring some clarity to your questions. we are implementing new security features on the back end. just covering all the bases kind of thing. :)

~Shane
 

·
Registered
Joined
·
3 Posts
hey its craigerGTA, I need help with my account. for some reason when I go to reset my password it doesn't send anything to my email. so I created this account to get in here and ask u guys for help. can u guys help? thx
 
1 - 8 of 8 Posts
Top