Your browser isn't supported
It looks like you're using an old web browser. To get the most out of the site and to ensure guides display correctly, we suggest upgrading your browser now. Download the latest:

Welcome to the MSE Forums

We're home to a fantastic community of MoneySavers but anyone can post. Please exercise caution & report spam, illegal, offensive or libellous posts/messages: click "report" or email forumteam@.

Search
  • FIRST POST
    • MSE Andrea
    • By MSE Andrea 9th Feb 18, 3:09 PM
    • 8,923Posts
    • 21,511Thanks
    MSE Andrea
    Password update prompt
    • #1
    • 9th Feb 18, 3:09 PM
    Password update prompt 9th Feb 18 at 3:09 PM
    Hi everyone

    As eagle-eyed regular forum members have noticed already, we're asking you all to update your passwords. You should be doing this regularly for your own peace of mind.

    Some hadn't been updated for some time and we want to make sure you change them regularly.

    Thanks for your patience. Have a great weekend.

    Andrea
    Could you do with a Money Makeover?


    Follow MSE on other Social Media:
    MSE Facebook, MSE Twitter, MSE Deals Facebook, MSE Deals Twitter, Forum Twitter, Instagram, Pinterest
    Join the MSE Forum
    Get the Free MoneySavingExpert Money Tips E-mail
    Report inappropriate posts: click the report button
    Point out a rate/product change
    Flag a news story: news@moneysavingexpert.com
Page 5
    • poppy10
    • By poppy10 12th Feb 18, 10:02 PM
    • 5,919 Posts
    • 7,162 Thanks
    poppy10
    If it's a hack MSE have a duty to let us know. Just saying this isn't a banking site doesn't mean it doesn't have to obey the law. Our email addresses are personal information and if these have been obtained by hackers then MSE are obliged to inform us
    Signature changed by MSE ForumTeam
    • joeypesci
    • By joeypesci 13th Feb 18, 11:39 AM
    • 452 Posts
    • 168 Thanks
    joeypesci
    Hi everyone

    As eagle-eyed regular forum members have noticed already, we're asking you all to update your passwords. You should be doing this regularly for your own peace of mind.

    Some hadn't been updated for some time and we want to make sure you change them regularly.

    Thanks for your patience. Have a great weekend.

    Andrea
    Originally posted by MSE Andrea
    What is the point where you're not evening using HTTPS. So all logins are being sent over the network in plain text.

    Anyone using free WIFI and logging into this forum is then exposing their password and user name. Some people, no doubt, are using the same password elsewhere on the web.

    So the forced password change is pointless and also normally a sign a company has had a breach. Is there something you're not telling us?
    • joeypesci
    • By joeypesci 13th Feb 18, 11:41 AM
    • 452 Posts
    • 168 Thanks
    joeypesci
    Does it matter? It's only a forum. It's not a financial account, or email account that could be used to reset other accounts.

    Apart from maybe for spamming purposes, nobody is interested in hacking anyone's forum account.
    Originally posted by Roland Sausage
    Yes because some people use the same passwords elsewhere and even the same user name.

    Lets assume someone comes along as is using the same details as their Facebook account, you now have access to their Facebook account also.
    • joeypesci
    • By joeypesci 13th Feb 18, 11:55 AM
    • 452 Posts
    • 168 Thanks
    joeypesci
    Its madness. So you're forcing everyone to change passwords but allowing everyone to change to the original password making the change pointless as people then aren't changing. And you're doing it all over HTTP so the change itself is insecure like your forum login is insecure due to not using SSL.

    You don't even have to pay for SSL certs now with places like Lets Encrypt.

    Madness. I assume Martin Lewis has no idea about this issue at the moment then? I assume he still works there? Not doing his name any favors.
    Last edited by joeypesci; 13-02-2018 at 1:13 PM. Reason: Spelling
    • pineapple
    • By pineapple 13th Feb 18, 12:12 PM
    • 6,021 Posts
    • 28,324 Thanks
    pineapple
    If it's a hack MSE have a duty to let us know. Just saying this isn't a banking site doesn't mean it doesn't have to obey the law. Our email addresses are personal information and if these have been obtained by hackers then MSE are obliged to inform us
    Originally posted by poppy10
    But IS there a legal obligation to inform users? I've googled this and am still not sure. Whatever - I can think of several instances where email providers were hacked but didn't inform users till well after the event.
    • joeypesci
    • By joeypesci 13th Feb 18, 1:23 PM
    • 452 Posts
    • 168 Thanks
    joeypesci
    But IS there a legal obligation to inform users? I've googled this and am still not sure. Whatever - I can think of several instances where email providers were hacked but didn't inform users till well after the event.
    Originally posted by pineapple
    Yes. Under the data protection act I believe. Probably not with regarding a forum not sure. Other companies that haven't informed users were fined. Talk Talk comes to mind.
    • Jinhao159
    • By Jinhao159 13th Feb 18, 6:04 PM
    • 13 Posts
    • 69 Thanks
    Jinhao159
    As MSE are not responding to comments on the forum, twitter or facebook I tweeted Martin Lewis and Jason Mills.

    I also reported it via the help pages.

    This is the reply I received from @MSEJason

    "Hi. Presume you’re referring to the forum? We’re putting in place additional security measures to protect users from spam etc. Will check the insecure page you mention"

    The incompetence is amazing. Force us to send insecure unencrypted data to prevent spam. Who knows what will happen to any users who use the same user names, passwords etc across multiple sites. It doesn't matter how many time we are told not to use common passwords, most people still do.

    They may eventually make it secure, but by then the damage will have been done.
    • Jinhao159
    • By Jinhao159 13th Feb 18, 6:12 PM
    • 13 Posts
    • 69 Thanks
    Jinhao159
    Tweet just sent to see if we can get a response and some action before the scammers discover MSE users are very vulnerable at the moment.

    "@MartinSLewis While you are busy criticising other companies MSE is doing noting about a gaping security hole on its own site. We are being forced to change passwords on unecrypted pages. Valuable data in the open for scammers. NO ONE REPLYING TO CONCERNS. LOOK AT FORUM BOARDS!!"

    Be interesting to see if I get a reply.
    • joeypesci
    • By joeypesci 13th Feb 18, 7:33 PM
    • 452 Posts
    • 168 Thanks
    joeypesci
    Tweet just sent to see if we can get a response and some action before the scammers discover MSE users are very vulnerable at the moment.

    "@MartinSLewis While you are busy criticising other companies MSE is doing noting about a gaping security hole on its own site. We are being forced to change passwords on unecrypted pages. Valuable data in the open for scammers. NO ONE REPLYING TO CONCERNS. LOOK AT FORUM BOARDS!!"

    Be interesting to see if I get a reply.
    Originally posted by Jinhao159
    And the fact others have found you can simply just use the same password and it accepts it.
    • Robin9
    • By Robin9 13th Feb 18, 8:46 PM
    • 2,230 Posts
    • 1,426 Thanks
    Robin9
    Having been prompted to change my password - which is the most secure ?

    1 Leave it as it is
    2 Accept the MSE password

    or 3 Do 2 then change it ?
    Never pay on an estimated bill
    • Money maker
    • By Money maker 14th Feb 18, 12:03 AM
    • 4,919 Posts
    • 11,203 Thanks
    Money maker
    Prompting for another password change - 5 days after the last one. This is getting too much.
    Please do not quote spam as this enables it to 'live on' once the spam post is removed.

    If you quote me, don't forget the capital 'M'

    Declutterers of the world - unite!
    • dunstonh
    • By dunstonh 14th Feb 18, 12:04 AM
    • 91,024 Posts
    • 58,025 Thanks
    dunstonh
    Hi everyone

    As eagle-eyed regular forum members have noticed already, we're asking you all to update your passwords. You should be doing this regularly for your own peace of mind.

    Some hadn't been updated for some time and we want to make sure you change them regularly.

    Thanks for your patience. Have a great weekend.

    Andrea
    Originally posted by MSE Andrea
    Andrea,

    I changed mine last week and I just got another prompt telling me that my password had not been changed in 5 days and I had to change it again. I am sure you didn't mean that regularly?
    I am an Independent Financial Adviser (IFA). Comments are for discussion purposes only. They are not financial advice. Different people have different needs and what is right for one person may not be for another. If you feel an area discussed may be relevant to you, then please seek advice from an Independent Financial Adviser local to you.
    • GW78
    • By GW78 14th Feb 18, 12:06 AM
    • 294 Posts
    • 7,821 Thanks
    GW78
    I hope we aren't going to have to change them this frequently!
    • enthusiasticsaver
    • By enthusiasticsaver 14th Feb 18, 12:06 AM
    • 5,675 Posts
    • 11,213 Thanks
    enthusiasticsaver
    I was prompted to change my password last week after years of using the same one. Today I was prompted again after 5 days!! I really don't want to change it every week. What is going on?
    Debt free and mortgage free and early retiree. Living the dream

    I'm a Board Guide on the Debt-Free Wannabe, Mortgages, Banking and Budgeting boards. I volunteer to help get your forum questions answered and keep the forum running smoothly. Any views are mine and not the official line of moneysavingexpert.com. Pease remember, board guides don't read every post. If you spot an illegal or inappropriate post then please report it to forumteam@moneysavingexpert.com
    • gardner1
    • By gardner1 14th Feb 18, 12:12 AM
    • 2,345 Posts
    • 3,462 Thanks
    gardner1
    Somebody is taking the p155
    • Quasar
    • By Quasar 14th Feb 18, 12:12 AM
    • 113,747 Posts
    • 232,648 Thanks
    Quasar
    I was prompted to change my password last week after years of using the same one. Today I was prompted again after 5 days!! I really don't want to change it every week. What is going on?
    Originally posted by enthusiasticsaver
    Same here. I was prompted to change it 5 days ago and just now when refreshing a page I was asked to change it again. Five days expiry is absurd.
    After all, cellulite is just a packet of crisps that made it.
    • mjm3346
    • By mjm3346 14th Feb 18, 12:15 AM
    • 36,233 Posts
    • 240,407 Thanks
    mjm3346
    My mse password was completely different to anything else I use, but if I have to keep changing it every few days it's going to end up as "password" or something similar.
    Internet goodness £23983
    • steveE2
    • By steveE2 14th Feb 18, 12:17 AM
    • 1,187 Posts
    • 1,113 Thanks
    steveE2
    Just got the 5 day warning as well,absolutely ridiculous if we're expected to change passwords in less than a week
    • donnajunkie
    • By donnajunkie 14th Feb 18, 12:20 AM
    • 27,273 Posts
    • 14,951 Thanks
    donnajunkie
    Same here, changed it recently and got told again after 5 days to change it again. Absolutely ridiculous.
    • mgdavid
    • By mgdavid 14th Feb 18, 12:31 AM
    • 5,372 Posts
    • 4,629 Thanks
    mgdavid
    me too, change again after 5 days.
    I assume this is an MSE forum team / webmaster cockup?
    A salary slave no more.....
Welcome to our new Forum!

Our aim is to save you money quickly and easily. We hope you like it!

Forum Team Contact us

Live Stats

5,284Posts Today

7,002Users online

Martin's Twitter