RS Warrior Forum banner

1 - 20 of 27 Posts

·
Administrator
Joined
·
847 Posts
Discussion Starter #1
Hello all,

Over the next few days we will be implementing some changes to our forum password strength and password expiration policies. To make sure you continue having the best experience possible on the community, we regularly monitor the site and the Internet to keep everyone's account information safe. We've recently become aware of a potential risk to some accounts coming from outside of this community. Just to be safe, we are implementing the following changes to improve security even further:

1) We are asking everyone to change their passwords (and will force a one time reset). Along with every user on the forum, new passwords will need to be more complex, and can't be simple words (sorry, you can't have "fluffy" as your password anymore!). Please use a password unique to this community. Reusing passwords can expose your account indirectly when other websites (Twitter, Linkedin, Badoo, etc) are compromised; and

2) Your passwords will expire on a 365 day basis. When you login on the 366th day, you will have to change it.

We'll also be sending out an email to users to let them know about the changes, in upcoming weeks.

Thanks all,

Helena

Community Management
 

·
Super Moderator
Joined
·
13,703 Posts
Sounds good. What will the required parameters of the new passwords be? I assume 8 characters or more, at least one capital letter and at least one number? Hopefully no special characters. I can never remember if I used an exclamation point or question mark. :)
 

·
Premium Member
Joined
·
774 Posts
Hello all,

Over the next few days we will be implementing some changes to our forum password strength and password expiration policies. To make sure you continue having the best experience possible on the community, we regularly monitor the site and the Internet to keep everyone's account information safe. We've recently become aware of a potential risk to some accounts coming from outside of this community. Just to be safe, we are implementing the following changes to improve security even further:

1) We are asking everyone to change their passwords (and will force a one time reset). Along with every user on the forum, new passwords will need to be more complex, and can't be simple words (sorry, you can't have "fluffy" as your password anymore!). Please use a password unique to this community. Reusing passwords can expose your account indirectly when other websites (Twitter, Linkedin, Badoo, etc) are compromised; and

2) Your passwords will expire on a 365 day basis. When you login on the 366th day, you will have to change it.

We'll also be sending out an email to users to let them know about the changes, in upcoming weeks.

Thanks all,

Helena

Community Management
Do you feel like explaining to everyone why? It would be swell if you stepped up and informed everyone about the password breach VerticalScope had and let all users know they should change all passwords at any site where they even suspect they used the same login info. https://www.leakedsource.com/blog/verticalscope

An apology would be appropriate also...
 

·
Registered
Joined
·
1,638 Posts
Helena,

Good initiative to enforce people to change their password to a decent length and with mixed characters.
However, to make passwords expire might not increase security and even has the potential to do more harm then good. There are many papers and articles written about this (Lame example Forcing users to change their passwords may do more harm than good | ZDNet).

Personally I force my engineers to use a password manager and make the required passwords at least 128 bits (or 32 characters). This might not be practical for your use, but can be food for thought. (Many good ones on the market, paid and free ones. Can provide suggestions but do not want to break site rules by promoting things)

On the same token, had a look at my own password and has not changed this since 2004 :eek: , so time to update :eek:

Dutch :cool:
 

·
Registered
Joined
·
1,638 Posts
ShamelessMT.

Thanks for this extra info, was not aware of this.
Grim reminder to users not to use same passwords for multiple sites :mad:

Dutch :cool:
 

·
Premium Member
Joined
·
4,571 Posts
It has become so rampant I now have to keep a binder of all my passwords. I use a lot of online sites for bill paying, supplies ordering for equipment, credit card access, etc.. and whereas I used to be able to have one or two, it is now in the dozens. No way I can remember all that, so I have a binder. Don't want to store them electronically, paper and pen much more secure.
 

·
Premium Member
Joined
·
2,644 Posts
Just a question, are we here really that compromised in this forum to need this change? Have we been hacked?
I feel bad for the guys that can't remember their new password after thanking them and for the guys that won't even know they will have to change them. I've already seen a few guys that made new profiles cause they don't remember their password they originally had after years of having it. And to do this every year. I have many passwords for many different accounts and it's frustrating trying to remember them as I have reset some but that made it even harder.
I'm just asking, is it really nessary.
 

·
Administrator
Joined
·
847 Posts
Discussion Starter #11
Sounds good. What will the required parameters of the new passwords be? I assume 8 characters or more, at least one capital letter and at least one number? Hopefully no special characters. I can never remember if I used an exclamation point or question mark. :)
Hey there,

There will be 1 special character, along with the 1 number, 1 upper case and 1 lower case. It will need to be at least 10 characters in length.


As for the leak, the article fails to mention that the breach was for a third party plugin. This breach is on countless sites across the internet and not just limited to ours.

Their system was compromised and they grabbed user data for us and thousands of others. As soon as we were made aware, we cleared our part of the breach and went this route to further security. This is also in place as many members on the internet use the same or similar passwords across all things they use.

These tech blogs don't ever get the full story, there just have hearsay and run with and embellish it.

We cannot go into detail at the moment as it is being dealt with on a legal level.

Thanks everyone,
Dayle
 

·
Premium Member
Joined
·
7,645 Posts
I just got notification from the Harley site i belong to and they sent me a new password to use to log in and then i had to change my password. same thing, at least one capital, at least one number, at least special character and at least ten characters long.

will you send us a new password or just notification to change our existing password?
 

·
Premium Member
Joined
·
5,608 Posts
I just got notification from the Harley site i belong to and they sent me a new password to use to log in and then i had to change my password. same thing, at least one capital, at least one number, at least special character and at least ten characters long.

will you send us a new password or just notification to change our existing password?
I got the same notice on the Road Glide forum. I'm not even sure i now how to change it.:)
 

·
Administrator
Joined
·
847 Posts
Discussion Starter #16
I just got notification from the Harley site i belong to and they sent me a new password to use to log in and then i had to change my password. same thing, at least one capital, at least one number, at least special character and at least ten characters long.

will you send us a new password or just notification to change our existing password?
Much like the other sites some of you are members on that have already run through this, the system will automatically force change your password and email it to you. You will then be required to log in and change your password under the new criteria.

If any of you are concerned about forgetting your password, remember that FireFox and Chrome both have the ability to remember passwords, and if you do still forget it, a "Forgot my password" change literally takes 2 minutes.

Nothing to worry about.

Thanks,
- JB
 

·
Administrator
Joined
·
27,870 Posts
jimmy2, thanks for the note, in addition to sending a PM to Admin, I am also posting this note on your behalf in case its helpful.

jimmy2 said:
I did they password change. Ever since I can't post any replies or see images. It says I don't have access. I messaged the admin several days ago. No reply yet.
Thanks
jimmy2
 

·
Administrator
Joined
·
27,870 Posts
All, I've sent Admin a separate PM with a link to this thread in case helpful. If you know of anyone who cannot log-in subsequent to having changed their password during this update period then please post their member name here and please copy/paste a link (url) to their member profile. This solves issues when some member name spellings nearly mirror another. Thanks.
 

·
Premium Member
Joined
·
10,729 Posts
Hey there is a few members over on the Facebook pages that are locked out and have been for a while. Some are also having an issue with the polar bear question not accepting ANY color for the answer. I told them to let me know their screen here so I could get to you and or Admin. The only one that has so far is hgt518.

Road Star Warrior Forum : Yamaha Star Warrior Forums - View Profile: hgt518
 
1 - 20 of 27 Posts
Top