Your browser isn't supported
It looks like you're using an old web browser. To get the most out of the site and to ensure guides display correctly, we suggest upgrading your browser now. Download the latest:

Welcome to the MSE Forums

We're home to a fantastic community of MoneySavers but anyone can post. Please exercise caution & report spam, illegal, offensive or libellous posts/messages: click "report" or email forumteam@.

Search
  • FIRST POST
    • MSE Andrea
    • By MSE Andrea 9th Feb 18, 3:09 PM
    • 8,937Posts
    • 21,532Thanks
    MSE Andrea
    Password update prompt
    • #1
    • 9th Feb 18, 3:09 PM
    Password update prompt 9th Feb 18 at 3:09 PM
    Hi everyone

    As eagle-eyed regular forum members have noticed already, we're asking you all to update your passwords. You should be doing this regularly for your own peace of mind.

    Some hadn't been updated for some time and we want to make sure you change them regularly.

    Thanks for your patience. Have a great weekend.

    Andrea
    Could you do with a Money Makeover?


    Follow MSE on other Social Media:
    MSE Facebook, MSE Twitter, MSE Deals Facebook, MSE Deals Twitter, Forum Twitter, Instagram, Pinterest
    Join the MSE Forum
    Get the Free MoneySavingExpert Money Tips E-mail
    Report inappropriate posts: click the report button
    Point out a rate/product change
    Flag a news story: news@moneysavingexpert.com
Page 4
    • cajef
    • By cajef 10th Feb 18, 2:32 PM
    • 4,649 Posts
    • 3,711 Thanks
    cajef
    Worth noting that your system allows the old password to be reused.
    Originally posted by neilmcl
    I tried that and was told my old password was too short and I needed to enter a minimum of eight characters.

    I have been a member since 2005 and this is the first time I have been told I have to change my password.
    I used to have a handle on life, but it broke.
    • tronator
    • By tronator 10th Feb 18, 2:47 PM
    • 2,640 Posts
    • 1,464 Thanks
    tronator
    MSE has an ongoing project to add encrypted connection support. It's not supported by this version of the forum software and it's not easy for the biggest places to upgrade or change forum software.
    Originally posted by jamesd
    I highly doubt that the vBulletin doesn't support SSL.
    https://www.vbulletin.org/forum/showpost.php?p=2574789&postcount=3

    SSL should transparent to the software used. You just need to use relative URLs throughout your site instead of hard coding http:// into the script and css URLs.

    The only problem I see is external mixed content. But most (if not all) file hosting services are ussing SSL these days. So it's only a matter of changing links of embedded content to https.
    • onomatopoeia99
    • By onomatopoeia99 10th Feb 18, 2:51 PM
    • 3,896 Posts
    • 8,721 Thanks
    onomatopoeia99

    As eagle-eyed regular forum members have noticed already, we're asking you all to update your passwords. You should be doing this regularly for your own peace of mind.
    Originally posted by MSE Andrea
    Please explain why. Unless your database has been compromised ( which you would tell us, wouldn't you?) there should be no need to change passwords every five minutes.

    Actually, what would be more helpful to know is why the main website is served over https (indeed it is force redirected there if one connects via http) despite containing mainly static content, yet this part of the site which requires a login has no certificate and cannot be reached over https. That's backwards.
    INTP, nerd, libertarian and scifi geek.
    Home is where my books are.
    • luxor4t
    • By luxor4t 10th Feb 18, 3:17 PM
    • 10,041 Posts
    • 36,141 Thanks
    luxor4t
    I tried replacing my old password with the same word but it seems my 'perfectly OK for the last however many years' password was too short for MSE now. So I have replaced it with a different word of exactly the same length - which was accepted.
    Confused? Yes, me too.
    I can cook and sew, make flowers grow.
  • jamesd
    I highly doubt that the vBulletin doesn't support SSL.
    Originally posted by tronator
    MSE is using version 3.8.4 which was released in 2009 then heavily customised. Whatever the details this old version was given by MSE as a reason for not yet using https here.
    Last edited by jamesd; 10-02-2018 at 9:15 PM.
    • tealady
    • By tealady 10th Feb 18, 7:31 PM
    • 2,767 Posts
    • 3,297 Thanks
    tealady
    As a matter of good security you should make sure your email address and password on other sites, like Amazon and Ebay are NOT the same as you have here or on any other forum.

    Without any further information it would still be prudent to change your password on any other sites where you may have used the same password with the same email address.

    And as annoying as it may seem, don't change your password here back to the same as it was.
    Originally posted by Lorian
    The password I use for MSE is nothing like the one I use for important stuff like baning.
    My MSE password is one I use for general chat room stuff so I couldn't give a monkeys if people guess what it is.
    Proud to be an MSE nerd
    Judge people by their achievements, not by their mistakes
    • GibbsRule No3.
    • By GibbsRule No3. 10th Feb 18, 8:40 PM
    • 3 Posts
    • 3 Thanks
    GibbsRule No3.
    Yay! They fixed it for me and on a weekend. Back to my old user name. Thank you MSE and two others who know who they are. Darn maybe it is not fixed, this is the new name.
    Paddle No 21
    • GibbsRule No3
    • By GibbsRule No3 10th Feb 18, 8:48 PM
    • 645 Posts
    • 376 Thanks
    GibbsRule No3
    Okay, so I logged out of the new name and logged in again with the old one, so hopefully this post does appear as my old self.
    Paddle No 21
    • Moneyineptitude
    • By Moneyineptitude 10th Feb 18, 9:18 PM
    • 19,513 Posts
    • 10,609 Thanks
    Moneyineptitude
    Darn maybe it is not fixed, this is the new name.
    Originally posted by GibbsRule No3 with 3 posts .
    Okay, so I logged out of the new name and logged in again with the old one, so hopefully this post does appear as my old self.
    Originally posted by GibbsRule No3 with 643 posts
    Well done Gibbs (No4?)
    • Alan Cross
    • By Alan Cross 11th Feb 18, 12:29 PM
    • 1,131 Posts
    • 1,120 Thanks
    Alan Cross
    This all smacks of MSE having been hacked... and I mean big time...

    What are we not being told?
    • venison
    • By venison 11th Feb 18, 2:16 PM
    • 1,639 Posts
    • 1,755 Thanks
    venison
    arghh drove me crazy as it wouldn't accept my email address even though Ive been using it for 2 years, had to use another email before it let me back into MSE with a new password.Never mind
    Last edited by venison; 11-02-2018 at 2:40 PM.
    I am a BG on loans,credit cards and benefits I volunteer to help get your forum questions answered and keep the forum running smoothly". Board guides are not moderators and don't read every post. If you spot an abusive or illegal post then please report it to forumteam@moneysavingexpert.com. Any views are mine and not the official line of MoneySavingExpert.com.
    • parkrunner
    • By parkrunner 11th Feb 18, 5:54 PM
    • 934 Posts
    • 1,413 Thanks
    parkrunner
    Which will happen first,

    1) we get an honest answer?
    2) this thread gets closed?
    • eyetoeye
    • By eyetoeye 11th Feb 18, 6:10 PM
    • 18 Posts
    • 0 Thanks
    eyetoeye
    So everyone has to change their passwords all of a sudden, including newbies and it's just because some haven't been changed for a while and it's good to change them regularly anyway.
    Errm yeah right..................
    Originally posted by pineapple
    Indeed I logged into my account today after not using this for a week or so and told to change my password as it had expired after 60 days
    • avogadro
    • By avogadro 11th Feb 18, 6:27 PM
    • 3,894 Posts
    • 6,854 Thanks
    avogadro
    I've just been prompted to update mine, as it's 110 days old! Very strange.
    • tghe-retford
    • By tghe-retford 11th Feb 18, 6:42 PM
    • 351 Posts
    • 4,113 Thanks
    tghe-retford
    All these people so concerned about security that they haven't changed their password in over 10 years.....

    Originally posted by Twopints
    A strong, secure password containing a sixteen character string of small and capital letters, numbers and symbols will take a quarter of a trillion to a trillion years to crack. I think ten years is not an issue if you follow good security advice.
    • renifer7
    • By renifer7 12th Feb 18, 12:33 AM
    • 146 Posts
    • 449 Thanks
    renifer7
    The website is not even using https for the password change page. So all passwords (old and new) are send in plain text over the internet and we can keep using our existing password. So this is a complete non-action.
    I think that MoneySavingExpert may have serious problems with the upcoming Data Protection Legislations coming into force in May this year .
    Well, at least it made me aware that MSE doesn't take security very serious.
    Originally posted by steppevos
    Same here, was very surprised to get the warning from my browser about the unsecure connection. I do have HTTPS everywhere but I'm guessing it's not enough. Not Impressed to say the least.
    Someone mentioned there's no point in hacking someone's MSE Forum account - maybe there is, maybe there isn't, if someone happens to use the same password as here for their email address, which is ALSO here, then this is definitely a problem.

    Must...remember...cashback......
    • eschaton
    • By eschaton 12th Feb 18, 5:07 PM
    • 1,614 Posts
    • 1,340 Thanks
    eschaton
    The silence from MSE is deafening!
    • parkrunner
    • By parkrunner 12th Feb 18, 6:02 PM
    • 934 Posts
    • 1,413 Thanks
    parkrunner
    The silence from MSE is deafening!
    Originally posted by eschaton
    Hardly surprising, they don't want to dig themselves any deeper.
    • Jinhao159
    • By Jinhao159 12th Feb 18, 6:24 PM
    • 13 Posts
    • 71 Thanks
    Jinhao159
    No response from MSE over the weekend is maybe not too surprising. However, I would have expected something by now.

    Perhaps a request via the Data Commissioners Office. If MSE has been hacked they should have reported it.

    Someone at MSE needs to wake up and tell us what is going on.

    MORE IMPORTANTLY, MSE NEEDS TO PROVIDE A SECURE METHOD OF CHANGING PASSWORDS, ESPECIALLY AS THIS IS SUPPOSEDLY TO IMPROVE SECURITY

    I have tried sending a twitter message to @MartinSLewis and @MoneySavingExp along with Facebook. These didn't result in a response from Staurday so not expecting much.

    Also reported it as a technical problem.
    Last edited by Jinhao159; 12-02-2018 at 6:47 PM. Reason: Edited to show methods used to try to get an answer
    • jackieblack
    • By jackieblack 12th Feb 18, 6:46 PM
    • 7,554 Posts
    • 10,894 Thanks
    jackieblack
    All these people so concerned about security that they haven't changed their password in over 10 years.....
    Originally posted by Twopints
    It's a forum! It's not banking, there's no financial or personal information stored...
    Really... Even if someone did have obtain my password (which is more likely now we've had to change it using an unsecure web page than it was in the last 11 years) what's the worst that could happen?
    2.22kWp Solar PV system installed Oct 2010, Fronius IG20 Inverter,
    south facing (-5 deg), 30 degree pitch, no shading

    Quidquid Latine dictum sit altum videtur
    (Revera linguam latinam vix cognovi )
Welcome to our new Forum!

Our aim is to save you money quickly and easily. We hope you like it!

Forum Team Contact us

Live Stats

145Posts Today

1,423Users online

Martin's Twitter