Password update prompt

ctdctd

4316 days here :-)

But really - an insecure password change form on a financial site? Are we still in the last decade?

Stompa

4766 days!

jamesd

1. To see what MSE does when there's a security prolem with the site read this MSE news story from 2009: https://www.moneysavingexpert.com/news/banking/2009/11/all-web-users-urged-to-run-anti-virus-check

2. Not everyone has (yet) had to change their password, I'm one who hasn't been asked. But see 3...

3. Back in 2011 I received spam on an email address only ever used for MSE and on investigation it turned out that my account had been accessed from someone else apparently in Belgium or Germany. Since then I've been getting prompted for passwords more often here than for most of my work and any of my financial accounts. I use reasonably secure ones.

pineapple

So everyone has to change their passwords all of a sudden, including newbies and it's just because some haven't been changed for a while and it's good to change them regularly anyway.
Errm yeah right..................

Bogof_Babe

While changing my password just now I found the system still had an email address that I haven't used for about ten years. I corrected it, only to be told "that email address is already in use, have you forgotten your password?". Err, no...

Anyway by re-starting the whole palaver I have apparently successfully changed my password, but the system is still showing a defunct email address. Presumably this doesn't matter then?

tghe-retford

keith969 wrote: »

Can you confirm or deny whether this site has been hacked and member's passwords stolen?

It's unusual to require a password change after 12 years without a good reason.

Any time I have seen a forced password change, it has always been down to a security breach.

To claim that this move is to improve security and enforce regular password changes (far more frequent that what Government organisations who have access to confidential data use if someone had to change their password after 11 days!) whilst at the same time not implementing and using HTTPS as is becoming the norm for websites to implement, suggests to me that there has been a breach.

When MSE does implement HTTPS (and they should do so as soon as possible), I would suggest everyone change their password again as a precaution to a strong password not used anywhere else because at this moment in time, the connection is not secure and anyone could intercept data between your browser and the website.

nicechap

I wonder if its to do with the removal of the spam button for a few days? It was speculated someone had numerous accounts and used them to press the spam button which led the automatic deleting of posts and threads.

RichardD1970

Well that was a right pain in the !!!!!

I have always only used the login with Facebook option.

Do you think it would accept my Facebook password to allow me to change it. No chance.

Right faff to sort it.

The silence from the Forum Team as to why this is necessary is rather worrying.

IF there has been a security breach, surely we need to know as I'm sure some people will have used the same password for other things (people are by nature lazy where these things are concerned )

Former_MSE_Andrea

Hi,

I’m sorry for the delay replying.

This isn’t the first time we’ve sent a prompt out in this or other ways. MSE’s priority is to ensure your security so we’ve prompted everyone to change them.

We realise it might be frustrating but your security comes first.

Lorian

So have account details been compromised?