someone changed my password

Anthillmob

this morning i was logged out of MSE and unable to log in using my username and password.

i know my password was correct because it is one i use on other sites (stupid i know). ive managed to get a new password emailed to me from here and have changed passwords on other sites so none correspond but would like to know if or how someone managed to change my passwrod.

thanks

Anthillmob

right so no one knows then? not even staff?

granted it is crimbo but id still like to know.

Quasar

Hi Ant, I think you're not going to get a reply until after Boxing Day, when staff are back...:o

jamesd

Anthillmob, it's fundamentally insecure to have anyone able to see the password or to store the actual password in a database. Something like a salted hash is the way to store passwords in a database, so they can be used but not retrieved and used at other sites by anyone who gets them through some security problem.

While it is fundamentally insecure, it's not uncommon to find that passwords are stored in plain text. Any site that will tell you your password via email is not really secure. The secure way to do it is to change your password and tell you the new one, which is what you have to do if you don't store the plain text of the original password. It seems as though that is what has happened here - the more secure approach.

If any bank will tell you your current password or PIN, please complain to their security department about their insecure by design system. They aren't following prudent system design principles which have been known for decades.

The typical problem you see from one of the insecure sites is someone getting the account details, then using the email address and password at lots of other financial sites to see if they work there and transferring the money out of the account if they do.

If you don't want a password for each site, two alternative approaches are:

One high level and one low level password, high level used only for sites that let you move real money, low level for the rest. Very insecure but at least it prevents routine site logins from compromising your banking.

Adding the first or second or last or whatever letter of the site to a base password. Then simple automated use of the password at other sites will fail.

Lola23

Anthillmob wrote:

this morning i was logged out of MSE and unable to log in using my username and password.

i know my password was correct because it is one i use on other sites (stupid i know). ive managed to get a new password emailed to me from here and have changed passwords on other sites so none correspond but would like to know if or how someone managed to change my passwrod.

thanks

I was logged out today too. Managed to get an email sent to me with a password but want to change it now as it's just a bunch of numbers.
Not sure how to do it.

nelly_2

Lola23 wrote:

I was logged out today too. Managed to get an email sent to me with a password but want to change it now as it's just a bunch of numbers.
Not sure how to do it.

goto user cp and edit email and password its the second box down on the left

Poppycat

I recommend a program like roboform that will store your usernames and passwords. It wil also create a safe password which no will be able to guess using its password generator

Lola23

nelly wrote:

goto user cp and edit email and password its the second box down on the left

Thank You....Changed it now.

Lola23

Poppycat wrote:

I recommend a program like roboform that will store your usernames and passwords. It wil also create a safe password which no will be able to guess using its password generator

I start to get mixed up with all the passwords..work ones too.

Was off work for a few days, and when back found myself trying to enter my bank password :eek:

Will need to keep a note of them all somewhere safe right enough.

nelly_2

Lola23 wrote:

Thank You....Changed it now.

What have you cahnged it too?:rotfl:

Lola23

nelly wrote:

What have you cahnged it too?:rotfl:

Now that would be telling......hee hee.