Password update prompt

parkrunner

Which will happen first,

1) we get an honest answer?
2) this thread gets closed?

System

I've just been prompted to update mine, as it's 110 days old! Very strange.

tghe-retford

Twopints wrote: »

All these people so concerned about security that they haven't changed their password in over 10 years.....

:beer:

A strong, secure password containing a sixteen character string of small and capital letters, numbers and symbols will take a quarter of a trillion to a trillion years to crack. I think ten years is not an issue if you follow good security advice.

renifer7

steppevos wrote: »

The website is not even using https for the password change page. So all passwords (old and new) are send in plain text over the internet and we can keep using our existing password. So this is a complete non-action.
I think that MoneySavingExpert may have serious problems with the upcoming Data Protection Legislations coming into force in May this year :T.
Well, at least it made me aware that MSE doesn't take security very serious.

Same here, was very surprised to get the warning from my browser about the unsecure connection. I do have HTTPS everywhere but I'm guessing it's not enough. Not Impressed to say the least.
Someone mentioned there's no point in hacking someone's MSE Forum account - maybe there is, maybe there isn't, if someone happens to use the same password as here for their email address, which is ALSO here, then this is definitely a problem. :mad:

eschaton

The silence from MSE is deafening!

parkrunner

eschaton wrote: »

The silence from MSE is deafening!

Hardly surprising, they don't want to dig themselves any deeper.

Jinhao159

No response from MSE over the weekend is maybe not too surprising. However, I would have expected something by now.

Perhaps a request via the Data Commissioners Office. If MSE has been hacked they should have reported it.

Someone at MSE needs to wake up and tell us what is going on.

MORE IMPORTANTLY, MSE NEEDS TO PROVIDE A SECURE METHOD OF CHANGING PASSWORDS, ESPECIALLY AS THIS IS SUPPOSEDLY TO IMPROVE SECURITY:(

I have tried sending a twitter message to @MartinSLewis and @MoneySavingExp along with Facebook. These didn't result in a response from Staurday so not expecting much.

Also reported it as a technical problem.

jackieblack

Twopints wrote: »

All these people so concerned about security that they haven't changed their password in over 10 years.....

It's a forum! It's not banking, there's no financial or personal information stored...
Really... Even if someone did have obtain my password (which is more likely now we've had to change it using an unsecure web page than it was in the last 11 years) what's the worst that could happen? :huh:

poppy10_2

If it's a hack MSE have a duty to let us know. Just saying this isn't a banking site doesn't mean it doesn't have to obey the law. Our email addresses are personal information and if these have been obtained by hackers then MSE are obliged to inform us

joeypesci

MSE_Andrea wrote: »

Hi everyone

As eagle-eyed regular forum members have noticed already, we're asking you all to update your passwords. You should be doing this regularly for your own peace of mind.

Some hadn't been updated for some time and we want to make sure you change them regularly.

Thanks for your patience. Have a great weekend.

Andrea

What is the point where you're not evening using HTTPS. So all logins are being sent over the network in plain text.

Anyone using free WIFI and logging into this forum is then exposing their password and user name. Some people, no doubt, are using the same password elsewhere on the web.

So the forced password change is pointless and also normally a sign a company has had a breach. Is there something you're not telling us?