Over the next few days we will be implementing some changes to our forum password strength and password expiration policies. To make sure you continue having the best experience possible on the community, we regularly monitor the site and the Internet to keep everyone's account information safe. We've recently become aware of a potential risk to some accounts coming from outside of this community. Just to be safe, we are implementing the following changes to improve security even further:
1) We are asking everyone to change their passwords (and will force a one time reset). Along with every user on the forum, new passwords will need to be more complex, and can't be simple words (sorry, you can't have "fluffy" as your password anymore!). Please use a password unique to this community. Reusing passwords can expose your account indirectly when other websites (Twitter, Linkedin, Badoo, etc) are compromised; and
2) Your passwords will expire on a 365 day basis. When you login on the 366th day, you will have to change it.
We'll also be sending out an email to users to let them know about the changes, in upcoming weeks.
Do we go ahead and change the password now (and where do we do that), or do we wait until we try to access the site and are forced to type in a new password?
You will receive a prompt to reset your password. I'm not too sure when this will happen, but within the near future.
You can go ahead and change your password now if you'd like, but as mentioned you will have to change it again.
For those of you who are curious on how to do that go to:
User CP -> Your Control Panel -> Settings and Options -> Edit Email and Password.
If you guys have any more concerns/questions/feedback regarding this issue, please feel free to post them here!
We are not at liberty to say too much as this issue is being investigated by authorities.
There are articles going around, talking about the issue, though they leave a lot out. A 3rd party plugin that we and other networks use had it's developers' compromised. Their DB was breached and data was scraped. I can't ID the plugin as it's under legal investigation. However I can say that it had access to user data because it functions separately from the vb software. Many plugins do this, chats, news letters, mobile apps etc. This is not an active breach, however as a precaution we did initiate security updates including password changes and new pass requirements.
I hope this helped clarify some things.
If you have any Concerns/Comments/Questions about this, please feel free to ask us here.
Since user data has been compromised, all users should be informed as they may use the same password for other sites (e.g. banking, email, etc.) That would be really important information that everyone needs to know.
we will be and have been sending out forced password changes, patched our end of the breach a bit ago, putting in extra security, and notifying all users, admins, mods, including everyone at our office to make all the changes as the users have. its for the extra security boost. and also, to keep the users accounts safe, along with everyone elses for the future. this patches everything. its a matter of "just in case" kind of thing.
We appreciate all the input on the matter though. And we do apologize for any inconvience this causes.
Protecting your account here will protect this site from being vandalized, and will help protect accounts on other sites. The basic info (ie. email) that could be gleamed from a hacked account could compromise other accounts on different sites, ones that may have access to more sensitive information. paypal sites, shopping sites, etc. to name a few. Adding complexity puts a stopper on that happening. We are putting in this changes to not just amp up security, but also to help with user account safety as users use the same password, or in some cases, the same email and username for sites with more sensitive information when on the internet.
as such, we thought this would be the best course of action to touch base with all users, and cover everyone.
Let me know if you have any further inquiries and questions.
Super-duper passwords dont help hacks/breaches. The new password requirements are unnecessarily complex for a forum. This isn't access codes for nukes.
if the passwords are too complex and strict at this time, we can revisit this subject a bit later down the line.
~Shane
This is an older thread, you may not receive a response, and could be reviving an old thread. Please consider creating a new thread.
Related Threads
?
?
?
?
?
Triumph 675 Forums
1.2M posts
39.9K members
Since 2005
A forum community dedicated to Triumph 675 owners and enthusiasts. Come join the discussion about performance, modifications, classifieds, troubleshooting, maintenance, and more!