Attention - Password and Security Update - ehMac.ca
Facebook
Twitter
YouTube
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read Advertise


Reply
 
LinkBack Thread Tools Display Modes
Old Jun 14th, 2016, 11:16 AM   #1
Administrator
 
VSAdmin's Avatar
 
Join Date: Nov 2012
Posts: 374
Attention - Password and Security Update

Hello all,

Over the next few days we will be implementing some changes to our forum password strength and password expiration policies. To make sure you continue having the best experience possible on the community, we regularly monitor the site and the Internet to keep everyone's account information safe. We've recently become aware of a potential risk to some accounts coming from outside of this community. Just to be safe, we are implementing the following changes to improve security even further:

1) We are asking everyone to change their passwords (and will force a one time reset). Along with every user on the forum, new passwords will need to be more complex, and can't be simple words (sorry, you can't have "fluffy" as your password anymore!). Please use a password unique to this community. Reusing passwords can expose your account indirectly when other websites (Twitter, Linkedin, Badoo, etc) are compromised; and

2) Your passwords will expire on a 365 day basis. When you login on the 366th day, you will have to change it.

We'll also be sending out an email to users to let them know about the changes, in upcoming weeks.

Thanks all,

Helena

Community Management
VSAdmin is offline   Reply With Quote
Sponsored Links
Advertisement
 
Old Jun 14th, 2016, 04:28 PM   #2
Honourable Citizen
 
polywog's Avatar
 
Join Date: Aug 2007
Location: Orleans, On
Posts: 1,489
Quote:
Originally Posted by VSAdmin View Post
Hello all,

Over the next few days we will be implementing some changes to our forum password strength and password expiration policies. To make sure you continue having the best experience possible on the community, we regularly monitor the site and the Internet to keep everyone's account information safe. We've recently become aware of a potential risk to some accounts coming from outside of this community. Just to be safe, we are implementing the following changes to improve security even further:

1) We are asking everyone to change their passwords (and will force a one time reset). Along with every user on the forum, new passwords will need to be more complex, and can't be simple words (sorry, you can't have "fluffy" as your password anymore!). Please use a password unique to this community. Reusing passwords can expose your account indirectly when other websites (Twitter, Linkedin, Badoo, etc) are compromised; and

2) Your passwords will expire on a 365 day basis. When you login on the 366th day, you will have to change it.

We'll also be sending out an email to users to let them know about the changes, in upcoming weeks.

Thanks all,

Helena

Community Management
How the heck did you know my password!
polywog is offline   Reply With Quote
Old Jun 14th, 2016, 05:09 PM   #3
veni vidi voltage
 
latitude50's Avatar
 
Join Date: Jun 2011
Location: Okanagan BC
Posts: 21
Ha ha polywog.
(sorry, you can't have "fluffy" as your password anymore!)
I thought VSAdmin was talking to me.
Since you will likely go to fluffy1 I'll take fluffy2.
<next>
__________________
Some days it's just not worth gnawing through the restraints.
latitude50 is offline   Reply With Quote
 
Old Jun 14th, 2016, 05:14 PM   #4
Honourable Citizen
 
polywog's Avatar
 
Join Date: Aug 2007
Location: Orleans, On
Posts: 1,489
Quote:
Originally Posted by latitude50 View Post
Ha ha polywog.
(sorry, you can't have "fluffy" as your password anymore!)
I thought VSAdmin was talking to me.
Since you will likely go to fluffy1 I'll take fluffy2.
<next>
OK but stick to even numbers, so we don't step on each other's toes in 366 days!
polywog is offline   Reply With Quote
Old Jun 14th, 2016, 06:55 PM   #5
Honourable Citizen
 
Join Date: Jun 2006
Posts: 6,076
Bah, forced resets after a year? That's a bit of a nuisance. I already use a random 50 char password that's unique to ehMac.

Can you add an opt-out?
John Clay is offline   Reply With Quote
Old Jun 15th, 2016, 10:02 AM   #6
Honourable Citizen
 
heavyall's Avatar
 
Join Date: Nov 2012
Location: Winterpeg
Posts: 1,524
Get out of here with this. I use the passwords that I do for a reason. I'm not even remotely interested in this nonsense.
heavyall is offline   Reply With Quote
Old Jun 15th, 2016, 10:09 AM   #7
Indigent Academic
 
rgray's Avatar
 
Join Date: Feb 2005
Location: the Gulag of E ON
Posts: 8,095
Where does this leave those of us who bought lifetime memberships, in good faith. Remember the mugs?
__________________
"not all those who wander are lost….." j.r.r. tolkien
rgray is offline   Reply With Quote
Old Jun 15th, 2016, 01:03 PM   #8
Administrator
 
VSAdmin's Avatar
 
Join Date: Nov 2012
Posts: 374
Hey guys,

I understand your frustration with this sudden, and seemingly aggressive change.
We are being aggressive about this for member's protection. Hackers who have access to these accounts, may be able to access other platforms where the same email and/or passwords are used. Other platforms have been compromised as well, including Twitter, Linkedin etc. We are just trying to get ahead of this, and nip it in the bud as soon as possible.

I understand the frustration when referring to the forced PW changes.
At this moment we are going to be going this route, though down the road, we may look into other means of security protection. There is no guarantee of this.

Right now, I am going to ask you guys to try and be open to this sudden change.
We are trying to protect the members of our sites.
If there are any other questions/concerns/feedback, please feel free to post them here.

Thank you so much, in anticipation of your understanding,

Richard.
VSAdmin is offline   Reply With Quote
Old Jun 15th, 2016, 04:53 PM   #9
Honourable Citizen
 
Join Date: Jun 2006
Posts: 6,076
Quote:
Originally Posted by VSAdmin View Post
Hey guys,

I understand your frustration with this sudden, and seemingly aggressive change.
We are being aggressive about this for member's protection. Hackers who have access to these accounts, may be able to access other platforms where the same email and/or passwords are used. Other platforms have been compromised as well, including Twitter, Linkedin etc. We are just trying to get ahead of this, and nip it in the bud as soon as possible.

I understand the frustration when referring to the forced PW changes.
At this moment we are going to be going this route, though down the road, we may look into other means of security protection. There is no guarantee of this.

Right now, I am going to ask you guys to try and be open to this sudden change.
We are trying to protect the members of our sites.
If there are any other questions/concerns/feedback, please feel free to post them here.

Thank you so much, in anticipation of your understanding,

Richard.
Given the sudden interest in security, why not add SSL/HTTPS to the entire site? It's simple to do, and very affordable.

You could even do 2-factor authentication with support for Google Authenticator!
John Clay is offline   Reply With Quote
Old Jun 15th, 2016, 06:12 PM   #10
Honourable Citizen
 
pm-r's Avatar
 
Join Date: May 2009
Location: Brentwood Bay BC
Posts: 14,163
Oh goody, another site wanting more password and new security protection to protect me and my Mac which contains nothing personal other than my name, address and phone number that is readily available in various phone directories anyway. Oh yes, and some photos.

What am I being protected from in this case being an ehmac.ca member???
pm-r is offline   Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Password Security Hole Discovered in Certain FileVault Configurations on OS X 10.7.3 Joker Eh Anything Mac 0 May 7th, 2012 11:31 AM
Wii & Airport Express Connection Issue VertiGoGo Anything Mac 7 Dec 28th, 2007 10:04 PM
New Updates Available. macguy.nielsen Anything Mac 6 Mar 2nd, 2006 03:58 PM
Changing root password - Problem William Mac, iPhone, iPad and iPod Help & Troubleshooting 3 May 8th, 2005 03:21 PM
Security Update corrupts iMac..? Lars2 Mac, iPhone, iPad and iPod Help & Troubleshooting 2 Dec 11th, 2003 10:20 AM


All times are GMT -4. The time now is 11:08 AM.



Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2019, vBulletin Solutions, Inc.
vBulletin Security provided by vBSecurity v2.2.2 (Pro) - vBulletin Mods & Addons Copyright © 2019 DragonByte Technologies Ltd.
Copyright © 1999 - 2012, ehMac.ca All rights reserved. ehMac is not affiliated with Apple Inc. Mac, iPod, iTunes, iPhone, Apple TV are trademarks of Apple Inc. Content Relevant URLs by vBSEO 3.6.0 RC 2

Tribe.ca: Urban living in Toronto!