We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
We're aware that some users are experiencing technical issues which the team are working to resolve. See the Community Noticeboard for more info. Thank you for your patience.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Password update prompt
Options
Comments
-
Roland_Sausage wrote: »Does it matter? It's only a forum. It's not a financial account, or email account that could be used to reset other accounts.
Apart from maybe for spamming purposes, nobody is interested in hacking anyone's forum account.
Yes because some people use the same passwords elsewhere and even the same user name.
Lets assume someone comes along as is using the same details as their Facebook account, you now have access to their Facebook account also.0 -
Its madness. So you're forcing everyone to change passwords but allowing everyone to change to the original password making the change pointless as people then aren't changing. And you're doing it all over HTTP so the change itself is insecure like your forum login is insecure due to not using SSL.
You don't even have to pay for SSL certs now with places like Lets Encrypt.
Madness. I assume Martin Lewis has no idea about this issue at the moment then? I assume he still works there? Not doing his name any favors.0 -
But IS there a legal obligation to inform users? I've googled this and am still not sure. Whatever - I can think of several instances where email providers were hacked but didn't inform users till well after the event.If it's a hack MSE have a duty to let us know. Just saying this isn't a banking site doesn't mean it doesn't have to obey the law. Our email addresses are personal information and if these have been obtained by hackers then MSE are obliged to inform us0 -
But IS there a legal obligation to inform users? I've googled this and am still not sure. Whatever - I can think of several instances where email providers were hacked but didn't inform users till well after the event.
Yes. Under the data protection act I believe. Probably not with regarding a forum not sure. Other companies that haven't informed users were fined. Talk Talk comes to mind.0 -
As MSE are not responding to comments on the forum, twitter or facebook I tweeted Martin Lewis and Jason Mills.
I also reported it via the help pages.
This is the reply I received from @MSEJason
"Hi. Presume you’re referring to the forum? We’re putting in place additional security measures to protect users from spam etc. Will check the insecure page you mention"
The incompetence is amazing. Force us to send insecure unencrypted data to prevent spam. Who knows what will happen to any users who use the same user names, passwords etc across multiple sites. It doesn't matter how many time we are told not to use common passwords, most people still do.
They may eventually make it secure, but by then the damage will have been done.0 -
Tweet just sent to see if we can get a response and some action before the scammers discover MSE users are very vulnerable at the moment.
"@MartinSLewis While you are busy criticising other companies MSE is doing noting about a gaping security hole on its own site. We are being forced to change passwords on unecrypted pages. Valuable data in the open for scammers. NO ONE REPLYING TO CONCERNS. LOOK AT FORUM BOARDS!!"
Be interesting to see if I get a reply.0 -
Tweet just sent to see if we can get a response and some action before the scammers discover MSE users are very vulnerable at the moment.
"@MartinSLewis While you are busy criticising other companies MSE is doing noting about a gaping security hole on its own site. We are being forced to change passwords on unecrypted pages. Valuable data in the open for scammers. NO ONE REPLYING TO CONCERNS. LOOK AT FORUM BOARDS!!"
Be interesting to see if I get a reply.
And the fact others have found you can simply just use the same password and it accepts it.0 -
Having been prompted to change my password - which is the most secure ?
1 Leave it as it is
2 Accept the MSE password
or 3 Do 2 then change it ?Never pay on an estimated bill. Always read and understand your bill0 -
Prompting for another password change - 5 days after the last one. This is getting too much.Please do not quote spam as this enables it to 'live on' once the spam post is removed.
If you quote me, don't forget the capital 'M'
Declutterers of the world - unite! :rotfl::rotfl:0 -
MSE_Andrea wrote: »Hi everyone
As eagle-eyed regular forum members have noticed already, we're asking you all to update your passwords. You should be doing this regularly for your own peace of mind.
Some hadn't been updated for some time and we want to make sure you change them regularly.
Thanks for your patience. Have a great weekend.
Andrea
Andrea,
I changed mine last week and I just got another prompt telling me that my password had not been changed in 5 days and I had to change it again. I am sure you didn't mean that regularly?I am an Independent Financial Adviser (IFA). The comments I make are just my opinion and are for discussion purposes only. They are not financial advice and you should not treat them as such. If you feel an area discussed may be relevant to you, then please seek advice from an Independent Financial Adviser local to you.0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 350.8K Banking & Borrowing
- 253.1K Reduce Debt & Boost Income
- 453.5K Spending & Discounts
- 243.8K Work, Benefits & Business
- 598.7K Mortgages, Homes & Bills
- 176.8K Life & Family
- 257.1K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards