Your browser isn't supported
It looks like you're using an old web browser. To get the most out of the site and to ensure guides display correctly, we suggest upgrading your browser now. Download the latest:

Welcome to the MSE Forums

We're home to a fantastic community of MoneySavers but anyone can post. Please exercise caution & report spam, illegal, offensive or libellous posts/messages: click "report" or email forumteam@.

Search
  • FIRST POST
    • MSE Andrea
    • By MSE Andrea 14th Feb 18, 10:31 AM
    • 8,923Posts
    • 21,511Thanks
    MSE Andrea
    Password reset questions and feedback
    • #1
    • 14th Feb 18, 10:31 AM
    Password reset questions and feedback 14th Feb 18 at 10:31 AM
    Hi

    Sorry for the lack of notice to the password reset – we should have told you, but we didn’t want to draw attention to the spam creators.

    We wanted to clamp down on the amount of spam that gets posted to the forum, and one of the many measures taken was to ask everyone to reset their password, and thus help weed out the bots and disposable accounts.

    We’re sorry for the inconvenience caused, but hopefully most managed to easily reset theirs.

    If you can’t remember your password you can get a reset link sent to the email you used to register your account.

    If you've changed your email address please update it in your user profile settings. If you're having problems updating it e.g., you no longer have access to the email account you registered with please email the Forum Team telling us your original email address.

    As an extra measure we’ve also put in place a 90 day time limit for password expiry, and would appreciate your feedback.
    Last edited by MSE Andrea; 14-02-2018 at 11:08 AM.
    Could you do with a Money Makeover?


    Follow MSE on other Social Media:
    MSE Facebook, MSE Twitter, MSE Deals Facebook, MSE Deals Twitter, Forum Twitter, Instagram, Pinterest
    Join the MSE Forum
    Get the Free MoneySavingExpert Money Tips E-mail
    Report inappropriate posts: click the report button
    Point out a rate/product change
    Flag a news story: news@moneysavingexpert.com
Page 1
    • alanq
    • By alanq 14th Feb 18, 10:33 AM
    • 3,899 Posts
    • 2,548 Thanks
    alanq
    • #2
    • 14th Feb 18, 10:33 AM
    • #2
    • 14th Feb 18, 10:33 AM
    "90 day time limit"? Why have we been forced to change after 5 days?
    Last edited by alanq; 14-02-2018 at 10:37 AM.
    • Prinzessilein
    • By Prinzessilein 14th Feb 18, 10:40 AM
    • 2,175 Posts
    • 10,131 Thanks
    Prinzessilein
    • #3
    • 14th Feb 18, 10:40 AM
    • #3
    • 14th Feb 18, 10:40 AM
    You want to clamp down on spam?

    Everyone changed their passwords 5 days ago!

    And now everyone has to change again???!!!

    How much spam is this site getting?

    And how long before the next password change is mandatory?
    • TheCyclingProgrammer
    • By TheCyclingProgrammer 14th Feb 18, 10:42 AM
    • 3,057 Posts
    • 1,760 Thanks
    TheCyclingProgrammer
    • #4
    • 14th Feb 18, 10:42 AM
    • #4
    • 14th Feb 18, 10:42 AM
    A 90 day expiry on passwords is silly and serves no benefit whatsoever that I can see. How does forcing normal users to change their passwords cut down on spam?
    • Pollycat
    • By Pollycat 14th Feb 18, 10:42 AM
    • 19,000 Posts
    • 50,179 Thanks
    Pollycat
    • #5
    • 14th Feb 18, 10:42 AM
    • #5
    • 14th Feb 18, 10:42 AM
    Andrea
    A number of posters have expressed concern about security issues of being requested to reset passwords
    using a non-secure connection.
    Copied from another (now closed) thread 4 days ago:
    So to "ensure our security" you ask us to set a new password using a non-secure connection.
    That sounds crazy (at least to me).

    Andrea - perhaps you could comment on the security concerns expressed by a number of posters.
    Originally Posted by frankennsteiny
    But our security isn't coming first when we are being asked to put a new password in over an unsecure connection leaving us open to hackers.

    This is taken from Chrome and is the same for firefox surely a massive site like mse should be a lot more secure.

    Info or Not secure
    The site isn't using a private connection. Someone might be able to see or change the information you send or get through this site.
    You might see a "Login not secure" or "Payment not secure" message. We suggest that you don't enter sensitive details, like passwords or credit cards.
    On some sites, you can visit a more secure version of the page:
    • Select the address bar.
    • Delete http://, and enter https:// instead.
    If that doesn't work, contact the site owner to ask that they secure the site and your data with HTTPS.
    Don't you think it's now an appropriate time to comment on this security aspect as well as the password reset one?
    Thanks
    • spadoosh
    • By spadoosh 14th Feb 18, 10:43 AM
    • 4,938 Posts
    • 6,577 Thanks
    spadoosh
    • #6
    • 14th Feb 18, 10:43 AM
    • #6
    • 14th Feb 18, 10:43 AM
    Theres 3 spam posts on the first page when you click 'new posts' (all boards).
    Don't be angry!
    • Cornucopia
    • By Cornucopia 14th Feb 18, 10:43 AM
    • 9,747 Posts
    • 9,494 Thanks
    Cornucopia
    • #7
    • 14th Feb 18, 10:43 AM
    • #7
    • 14th Feb 18, 10:43 AM
    If possible, I think it would be more appropriate to base the password reset time on a user's length of time with MSE.

    i.e. a newbie might be asked to reset their password every 60 days (and this could reduce the burden on the system of forgotten newbie accounts). Someone with at least 1 year's membership gets 120 day cycles, 3 years or more gets 360 day cycles.

    Overall, though, I'm not sure I see the connection between this and Spam. I understand, though, that you may not want to give away too much information about it.
    I'm a Board Guide on the Phones & TV, Techie Stuff, In My Home,
    The Money Savers Arms and Food Shopping boards. I'm a volunteer to help the boards run smoothly, and I can move and merge threads there. Any views (especially those on the UK TV Licence) are mine and not the official line of moneysavingexpert.com.

    Board guides are not moderators. If you spot an inappropriate or illegal post then please report it to forumteam@moneysavingexpert.com
    • chesky
    • By chesky 14th Feb 18, 10:53 AM
    • 954 Posts
    • 1,499 Thanks
    chesky
    • #8
    • 14th Feb 18, 10:53 AM
    • #8
    • 14th Feb 18, 10:53 AM
    I am not what you might call very techie, however if the idea of resetting the passwords (twice) was to curtail the spam, it does not seem to be working. There were 20 spam postings on the credit card board this morning. So, what next?
    • redux
    • By redux 14th Feb 18, 10:58 AM
    • 17,996 Posts
    • 23,200 Thanks
    redux
    • #9
    • 14th Feb 18, 10:58 AM
    • #9
    • 14th Feb 18, 10:58 AM
    We wanted to clamp down on the amount of spam that gets posted to the forum, and one of the many measures taken was to ask everyone to reset their password, and thus help weed out the bots and disposable accounts.
    Originally posted by MSE Andrea
    As I've said a couple of time before, investigate improving the captcha mechanism on sign-up.

    On another forum I am on, a couple of years ago there were increases in numbers of spam posts (pre-moderated there, so not as bad for all readers), and I was spending about an hour an evening clearing up and banning accounts. I sent a message to admin, he changed the captcha, and spam dropped to 3 or 4 a week.

    I just looked on a website for one of the spambot programmes. They are boasting about improvements in solving captchas, so even this should be a clue that this is something worth looking at here.
    Last edited by redux; 14-02-2018 at 11:07 AM.
    • NaughtiusMaximus
    • By NaughtiusMaximus 14th Feb 18, 11:00 AM
    • 587 Posts
    • 1,417 Thanks
    NaughtiusMaximus
    Can't see how forcing a password change would have much an effect on the spam posts. The usual way forum spammers work is to register, post and (I hope) have their account deactivated by site admin all within a few hours of each other.
    • suki1964
    • By suki1964 14th Feb 18, 11:00 AM
    • 10,554 Posts
    • 27,468 Thanks
    suki1964
    The boards are awash with spam again

    So I guess this isn't working
    if you lend someone £20 and never see that person again, it was probably worth it
    • NeverInDebt
    • By NeverInDebt 14th Feb 18, 11:03 AM
    • 2,571 Posts
    • 3,049 Thanks
    NeverInDebt
    This clearly isnt working all it is doing is inconveniencing genuine users with all due respect. The bots are still happy spamming as we speak. The captcha is easy to bypass I have seen much better. Your forums are targetted a lot more because of the amount of users you have therefore you need better spam protection. Changing your password every x amount of time I dont see how that can stop spam
    • redux
    • By redux 14th Feb 18, 11:06 AM
    • 17,996 Posts
    • 23,200 Thanks
    redux
    I notice that some of the posts now are pushing a UK phone number.

    I suggest contacting the number provider and reporting the specific number and hence by implication the customer.
    • chesky
    • By chesky 14th Feb 18, 11:12 AM
    • 954 Posts
    • 1,499 Thanks
    chesky
    And I do not understand why you closed down the : password update prompt thread which had 146 posts, just to open this one on the same issue. A lot of people will not bother to look at it if it is closed.

    And when is the whole use of apostrophes going to be sorted out? I am fed up with sounding like a Victorian.
    • Moneyineptitude
    • By Moneyineptitude 14th Feb 18, 11:15 AM
    • 19,443 Posts
    • 10,544 Thanks
    Moneyineptitude
    Ia newbie might be asked to reset their password every 60 days (and this could reduce the burden on the system of forgotten newbie accounts). Someone with at least 1 year's membership gets 120 day cycles, 3 years or more gets 360 day cycles.
    Originally posted by Cornucopia
    I agree with this, though it's unlikely the forum's functionality is such that the password expiry date can be so individually tailored.
    As I've said a couple of time before, investigate improving the captcha mechanism on sign-up.
    Originally posted by redux
    I agree with this too, though I suspect there is probably no budget available for such improvements.

    Regardless, I notice there is just as much spam on the boards as ever this morning...

    I notice that some of the posts now are pushing a UK phone number.
    Originally posted by redux
    Probably only disguised as coming from the UK I'm afraid.
    Last edited by Moneyineptitude; 14-02-2018 at 11:17 AM.
    • jackieblack
    • By jackieblack 14th Feb 18, 11:43 AM
    • 7,545 Posts
    • 10,864 Thanks
    jackieblack
    As an extra measure we’ve also put in place a 90 day time limit for password expiry, and would appreciate your feedback.
    Originally posted by MSE Andrea
    Does this mean everyone is going to have to change their password every 90 days?
    2.22kWp Solar PV system installed Oct 2010, Fronius IG20 Inverter,
    south facing (-5 deg), 30 degree pitch, no shading

    Quidquid Latine dictum sit altum videtur
    (Revera linguam latinam vix cognovi )
    • anotheruser
    • By anotheruser 14th Feb 18, 11:44 AM
    • 2,566 Posts
    • 1,515 Thanks
    anotheruser
    Hassle

    Hassle

    Hassle

    I had a fairly easy password but to be barred unless I change it to something that is 7 or 8 characters or whatever long... hassle.

    I don't really care that much if a "hacker" manages to guess my password. What are they going to do? Post on my behalf?

    I appreciate some people do care about their account a fair but more than I, so those people can choose a longer password but I shouldn't be required to if I don't want to.

    If it expires every 90 days, I'll be posting a lot less as I'll probably forget whatever the latest password is, and then have to go through the reset option, so I might as well just make a new account...
    • redux
    • By redux 14th Feb 18, 12:00 PM
    • 17,996 Posts
    • 23,200 Thanks
    redux
    I notice that some of the posts now are pushing a UK phone number.

    I suggest contacting the number provider and reporting the specific number and hence by implication the customer.
    Originally posted by redux
    Probably only disguised as coming from the UK I'm afraid.
    Originally posted by Moneyineptitude
    When you receive a spam phone call, the number may be spoofed, as you suggest, but if posts here are inviting people to call a number then that will be a real number.

    Phone providers don't like furnishing facilities to fraudsters. Apart from possible reputational damage by association, there is a fair chance they won't be paid.
    • NeilCr
    • By NeilCr 14th Feb 18, 12:12 PM
    • 1,246 Posts
    • 1,511 Thanks
    NeilCr
    When I went to log in this morning I got the change your password message. It said to do so on the page with the message on. I may be very thick but in no way as it obvious how to do so. I had to fiddle around till I could find a link to the UserCP.

    It does not bother me about changing passwords but it should be simple and obvious how to do it.

    I am on an IPad. No idea if that makes any difference
    • pineapple
    • By pineapple 14th Feb 18, 12:13 PM
    • 6,021 Posts
    • 28,324 Thanks
    pineapple
    Does this mean everyone is going to have to change their password every 90 days?
    Originally posted by jackieblack
    Indeed. I'm another who doesn't understand how this curtails spam. Presumably spammers start by setting up an account so the issue (as well as effective monitoring systems) is stopping them setting up an account in the first place.
    My head hurts....
Welcome to our new Forum!

Our aim is to save you money quickly and easily. We hope you like it!

Forum Team Contact us

Live Stats

163Posts Today

1,833Users online

Martin's Twitter