Attention - Password and Security Update - Page 2 - MG-Rover.org Forums
post #21 of 135 (permalink) Old 16-06-2016, 18:37
Woof Woof
 
Can't change password

Eventually got back into the site after the forced pass change. After requesting a reset 3 times. Don't seem to be able to change it on the user CP. Any offers?
barkingdog is offline  
post #22 of 135 (permalink) Old 16-06-2016, 18:40
Stu
Administrator
 
Quote:
Originally Posted by barkingdog View Post
Eventually got back into the site after the forced pass change. After requesting a reset 3 times. Don't seem to be able to change it on the user CP. Any offers?
It won't let you change it via http://forums.mg-rover.org/profile.php?do=editpassword

What happens if you try?

Stu

Get cash back on your Insurance and many other web purchases through Quidco
Stu is offline  
post #23 of 135 (permalink) Old 16-06-2016, 18:43
Diesel Tuning Dude
 
Quote:
Password complexity, ok, I get it's quite secure, but not that bad at all
I don't want to upset the applecart but I have to assert, from my end at least that it is in fact that bad. (I will also assert separately that it's not that secure either, but that's another debate). In short, for a slight change in security, the site usability has dropped by a massive amount, that I'm surprised anyone at all finds acceptable.

I don't usually store passwords on the computer (how's that for a security step?). My memory has always been enough, and I've never had an account hacked. What problem are we solving here?

I'm only one voice in the choir and all, but from this one it's too much and a complete downgrade of the site. No question in it at all.

It's obviously down to the sysadmin what they want to do, I can only state facts though and that any new password I use is going on a file or on a piece of paper, and that's something I don't usually do.



Dieselpowered - file revisions ahead of the competition
Dakta is offline  
 
post #24 of 135 (permalink) Old 16-06-2016, 18:47
Woof Woof
 
Quote:
Originally Posted by Stu View Post
It won't let you change it via http://forums.mg-rover.org/profile.php?do=editpassword

What happens if you try?
Just says incorrect password. Can you link me to the right place?
barkingdog is offline  
post #25 of 135 (permalink) Old 16-06-2016, 18:53
Stu
Administrator
 
Up to the owners to set what they want. It's higher than I personally would have set, but previously it was too weak. Accounts on here have been hacked due to the weak passwords in the past, no doubt they have on the many forums they run (remember they have a lot) and will be putting in place a policy across all. I have suggested a balance, it's up to them, we had no view of what the policy would be prior to last night.

Just because your particular password hasn't been used, doesn't mean it is secure. If you use it for all your sites, I could pretty much guarantee it is in one of the many hackers databases, just not been exploited.

Stu

Stu is offline  
post #26 of 135 (permalink) Old 16-06-2016, 18:58
Stu
Administrator
 
Quote:
Originally Posted by barkingdog View Post
Just says incorrect password. Can you link me to the right place?
The link I gave is the correct place. http://forums.mg-rover.org/profile.php?do=editpassword

You put in your current password. Then the new one which once you have the right complexity all of the crosses will be ticks. Then repeat it in the next box and you should be good to go.

Not sure if there is also a history requirement, so make sure you have not used it before.

If it is new and all ticks it must be the current password that is wrong.

Just tested the link and reset my password again and it's working fine.

Stu


Last edited by Stu; 16-06-2016 at 19:04.
Stu is offline  
post #27 of 135 (permalink) Old 16-06-2016, 19:03
Stu
Administrator
 
Quote:
Originally Posted by coalman View Post
I got my new password via e mail.

QwErTy1234

Not tried to change it yet. BRB.
Will be challenging if what they have sent you does not even meet their own minimum complexity

Stu

Stu is offline  
post #28 of 135 (permalink) Old 16-06-2016, 19:03
Woof Woof
 
Quote:
Originally Posted by Stu View Post
The link I gave is the correct place. http://forums.mg-rover.org/profile.php?do=editpassword

You put in your current password. Then the new one which once you have the right complexity all of the crosses will be ticks. Then repeat it in the next box and you should be good to go.

Not sure if there is also a history requirement, so make sure you have not used it before.

If it is new and all ticks it must be the current password that is wrong.
Sorted. Finger trouble I guess.
barkingdog is offline  
post #29 of 135 (permalink) Old 16-06-2016, 19:10
Stu
Administrator
 
If you want to see why this is an issue and the policy is most likely company wide (and not going to be influenced by the admins) then read 45m passwords stolen from over 1,100 VerticalScope forums

Stu

Stu is offline  
post #30 of 135 (permalink) Old 16-06-2016, 19:11
Diesel Tuning Dude
 
Quote:
Just because your particular password hasn't been used, doesn't mean it is secure.
My philosophy on security is that whilstever a website, any website, has my password (encryption is a moot point), that the above is potentially true.

I'm not a security expert but I can't think of a right lot of attack methods that an overly complex password would protect me from.

Quote:
Up to the owners to set what they want.
True, but there's no point me pretending it's an upgrade at this end because it isn't.



Dakta is offline  
post #31 of 135 (permalink) Old 16-06-2016, 19:12
Registered User
 
Quote:
Originally Posted by Stu View Post
Will be challenging if what they have sent you does not even meet their own minimum complexity
Funnily enough the password they sent me was 8 character with no symbols....also had problems logging in after I requested a new password

Also think it's funny that they We'll also be sending out an email to users to let them know about the changes, in upcoming weeks. Most website owners do this before implementing changes.

Conspiracy theory time.....me thinks this website has already been hacked and are covering up the weak security by implementing changes
dert is offline  
post #32 of 135 (permalink) Old 16-06-2016, 19:16
Diesel Tuning Dude
 
Having read the above article quickly (and I mean quickly), surely the fix is a password change, with the adoption of better password storage policy?

Symbols blended with capitals is not going to save us.

Completely off topic, but anybody who does ever leave the site (or any site) might be wise to change their password upon leaving, if your account won't be deleted on request you don't want to leave it laying around...



Dakta is offline  
post #33 of 135 (permalink) Old 16-06-2016, 19:20
Stu
Administrator
 
Quote:
Originally Posted by Dakta View Post
What problem are we solving here?
Maybe the fact that the following list of sites have usernames of DAKTA which have all been compromised and their passwords are in the wild. So if any of them are you, your password if the same has leaked.

Neopets.com
Zoosk.com
iMesh.com
Fling.com
VerticalScope Network (Vbulletin) (939 Websites) has: 7 result(s)
R2Games Users
lbsg.net Minecraft app
Nexus Mods
HeroesOfNewerth.com
Ubisoft.com Forums
OnRPG.com
OwnedCore
Wildstar-Online.com 2015
MyDigitalLife.info
NGEMU.com
Anandtech.com
Pokecommunity.com
Majorgeeks.com
Amplitude-Studios.com

That was a 30 second search of one of the databases.

Stu

Stu is offline  
post #34 of 135 (permalink) Old 16-06-2016, 19:24
Diesel Tuning Dude
 
It seems I have an account on fling.com! :/

(i think you've got the wrong dakta)

just tried to log in, not happening.



Dakta is offline  
post #35 of 135 (permalink) Old 16-06-2016, 19:24
Stu
Administrator
 
Quote:
Originally Posted by Dakta View Post
Having read the above article quickly (and I mean quickly), surely the fix is a password change, with the adoption of better password storage policy?

Symbols blended with capitals is not going to save us.

Completely off topic, but anybody who does ever leave the site (or any site) might be wise to change their password upon leaving, if your account won't be deleted on request you don't want to leave it laying around...
The increase in complexity makes it harder for them to be decrypted if they do get hacked. So just changing the password with increased complexity does nothing to protect you, the complexity does.

Your off topic tip is very good. If you do not use complex one site passwords then setting a complex one on leaving a site (or at least one which is not the same as any others you use) is a very good idea.

You may not want protecting from yourself, but VerticalScope have a duty of care to the masses and that can't be the lowest denominator. As I say I don't necessarily agree with how far they have gone, but it couldn't stay as it was.

Stu

Stu is offline  
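
The storage question raised in the posts above (complexity rules versus how the site stores passwords), as an added Python example that is not part of the thread and not VerticalScope's code: it contrasts an unsalted fast hash with a per-user salt and PBKDF2, using only the standard library. The account names, the iteration count and the third password are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 200_000  # assumed work factor, chosen for this example only


def fast_unsalted(password: str) -> str:
    """Weak storage: one cheap hash, no salt. Equal passwords give equal digests."""
    return hashlib.md5(password.encode()).hexdigest()


def slow_salted(password: str, salt: Optional[bytes] = None) -> dict:
    """Stronger storage: random per-user salt and a deliberately slow KDF."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "iterations": ITERATIONS, "hash": digest}


def verify(password: str, record: dict) -> bool:
    """Recompute with the stored salt and cost, then compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(digest, record["hash"])


def accounts_sharing_a_digest(stored: dict) -> int:
    """Number of accounts whose stored value also appears on another account."""
    values = [v if isinstance(v, str) else v["hash"] for v in stored.values()]
    return sum(1 for v in values if values.count(v) > 1)


# Constructed sample accounts; the first password is the one quoted in the thread.
USERS = {"user_a": "QwErTy1234", "user_b": "QwErTy1234", "user_c": "Tr!cky#Pass9"}

if __name__ == "__main__":
    weak = {u: fast_unsalted(p) for u, p in USERS.items()}
    strong = {u: slow_salted(p) for u, p in USERS.items()}
    print("accounts exposed together, unsalted:", accounts_sharing_a_digest(weak))
    print("accounts exposed together, salted:  ", accounts_sharing_a_digest(strong))
    print("correct password verifies:", verify("QwErTy1234", strong["user_a"]))
    print("wrong password verifies:  ", verify("qwerty1234", strong["user_a"]))
```

With the unsalted scheme the two accounts that reuse a password are stored identically, so they fall together; with a per-user salt every record is distinct and every guess has to be paid for per account at the full iteration cost.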
post #36 of 135 (permalink) Old 16-06-2016, 19:25
Stu
Administrator
 
Quote:
Originally Posted by Dakta View Post
It seems I have an account on fling.com! :/

(i think you've got the wrong dakta)
Didn't say they were all you, but some of them may well be. Only takes one (and there are 7 car forums which could well be).

Stu

Stu is offline  
post #37 of 135 (permalink) Old 16-06-2016, 19:29
Diesel Tuning Dude
 
Majorgeeks could be, but that's all I recognise, certainly not into minecraft or gaming.

On the bright side, like I say security is neither absolute nor guaranteed - I much prefer to assume an insecurity rather than security, and so I do believe all encryption systems, whilst many are considered secure, if somebody wants some data, they will get it.

I suppose the question is, can verticalscope store my password in a secure way without making me use a password that makes the site unusable?

I don't want to push this on verticalscope really as I have a lot of sympathy towards data breaches etc, but other sites seem to manage, majorgeeks I'll concede perhaps slightly less so. Is the inconvenience of having to completely remember a new password using an extremity of letters, symbols and mixed case an asset here?


Still, I've been on the net 20 years, assuming they can read/edit all my posts as teenager old debating computer hardware to use (radeon 9600 or 9800 on my new build?) it isn't all bad going.


*I'm lying I was never that rich, had to settle for a 9800se



Dakta is offline  
post #38 of 135 (permalink) Old 16-06-2016, 19:35
Stu
Administrator
 
Fling definitely isn't you from the details I can get from the site unless you used to use US postcodes

birthday: 1970-09-01
email: kokujiko@yahoo.com
username: Dakta
zip_code: 20109

I also got the password through a simple SQL query hack, but obviously won't disclose that.

Simple answer to your question is no. There is no way to guarantee an exploit will not be developed to hack however they secure it today (even using best practice). All they can do is reduce the risk of them being decrypted by the use of complexity.

We will have to wait for VerticalScope to comment as neither you nor I can change it. (well I could but I doubt it would be appreciated by them).

Stu

Stu is offline  
post #39 of 135 (permalink) Old 16-06-2016, 19:37
Diesel Tuning Dude
 
forget passwords, i think i need to change my username



Dakta is offline  
post #40 of 135 (permalink) Old 16-06-2016, 19:43
Stu
Administrator
 
Quote:
Originally Posted by Dakta View Post
forget passwords, i think i need to change my username
Good luck in finding a new one that someone hasn't already abused in some way.

That's the problem for the younger generations when there have been several billion people on the internet before them.

Maybe it needs some additional complexity. It is a bit short and could do with a number and special character.

Or maybe not!

Stu

Stu is offline  