Password reset questions and feedback

Former_MSE_Andrea · 14 February 2018 at 11:31AM

Hi

Sorry for the lack of notice to the password reset – we should have told you, but we didn’t want to draw attention to the spam creators.

We wanted to clamp down on the amount of spam that gets posted to the forum, and one of the many measures taken was to ask everyone to reset their password, and thus help weed out the bots and disposable accounts.

We’re sorry for the inconvenience caused, but hopefully most managed to easily reset theirs.

If you can’t remember your password you can get a reset link sent to the email you used to register your account.

If you've changed your email address please update it in your user profile settings. If you're having problems updating it e.g., you no longer have access to the email account you registered with please email the Forum Team telling us your original email address.

As an extra measure we’ve also put in place a 90 day time limit for password expiry, and would appreciate your feedback.

alanq · 14 February 2018 at 11:33AM

"90 day time limit"? Why have we been forced to change after 5 days?

Prinzessilein · 14 February 2018 at 11:40AM

You want to clamp down on spam?

Everyone changed their passwords 5 days ago!

And now everyone has to change again???!!!

How much spam is this site getting?

And how long before the next password change is mandatory?

TheCyclingProgrammer · 14 February 2018 at 11:42AM

A 90 day expiry on passwords is silly and serves no benefit whatsoever that I can see. How does forcing normal users to change their passwords cut down on spam?

Pollycat · 14 February 2018 at 11:42AM

Andrea
A number of posters have expressed concern about security issues of being requested to reset passwords
using a non-secure connection.
Copied from another (now closed) thread 4 days ago:

So to "ensure our security" you ask us to set a new password using a non-secure connection.
That sounds crazy (at least to me).

Andrea - perhaps you could comment on the security concerns expressed by a number of posters.

Originally Posted by frankennsteiny
But our security isn't coming first when we are being asked to put a new password in over an unsecure connection leaving us open to hackers.

This is taken from Chrome and is the same for firefox surely a massive site like mse should be a lot more secure.

Info or Not secure
The site isn't using a private connection. Someone might be able to see or change the information you send or get through this site.
You might see a "Login not secure" or "Payment not secure" message. We suggest that you don't enter sensitive details, like passwords or credit cards.
On some sites, you can visit a more secure version of the page:

Select the address bar.

Delete http://, and enter https:// instead.

If that doesn't work, contact the site owner to ask that they secure the site and your data with HTTPS.

Don't you think it's now an appropriate time to comment on this security aspect as well as the password reset one?
Thanks

spadoosh · 14 February 2018 at 11:43AM

Theres 3 spam posts on the first page when you click 'new posts' (all boards).

Cornucopia · 14 February 2018 at 11:43AM

If possible, I think it would be more appropriate to base the password reset time on a user's length of time with MSE.

i.e. a newbie might be asked to reset their password every 60 days (and this could reduce the burden on the system of forgotten newbie accounts). Someone with at least 1 year's membership gets 120 day cycles, 3 years or more gets 360 day cycles.

Overall, though, I'm not sure I see the connection between this and Spam. I understand, though, that you may not want to give away too much information about it.

chesky · 14 February 2018 at 11:53AM

I am not what you might call very techie, however if the idea of resetting the passwords (twice) was to curtail the spam, it does not seem to be working. There were 20 spam postings on the credit card board this morning. So, what next?

redux · 14 February 2018 at 11:58AM

MSE_Andrea wrote: »

We wanted to clamp down on the amount of spam that gets posted to the forum, and one of the many measures taken was to ask everyone to reset their password, and thus help weed out the bots and disposable accounts.

As I've said a couple of time before, investigate improving the captcha mechanism on sign-up.

On another forum I am on, a couple of years ago there were increases in numbers of spam posts (pre-moderated there, so not as bad for all readers), and I was spending about an hour an evening clearing up and banning accounts. I sent a message to admin, he changed the captcha, and spam dropped to 3 or 4 a week.

I just looked on a website for one of the spambot programmes. They are boasting about improvements in solving captchas, so even this should be a clue that this is something worth looking at here.

NaughtiusMaximus · 14 February 2018 at 12:00PM

Can't see how forcing a password change would have much an effect on the spam posts. The usual way forum spammers work is to register, post and (I hope) have their account deactivated by site admin all within a few hours of each other.

suki1964 · 14 February 2018 at 12:00PM

The boards are awash with spam again

So I guess this isn't working

Password reset questions and feedback

Comments

Categories

Get our FREE Weekly email full of deals & guides - and it’s spam-free