someone changed my password

edited 30 November -1 at 1:00AM in Site Feedback
11 replies 879 views
AnthillmobAnthillmob Forumite
11.8K Posts
✭✭✭✭✭
edited 30 November -1 at 1:00AM in Site Feedback
this morning i was logged out of MSE and unable to log in using my username and password.

i know my password was correct because it is one i use on other sites (stupid i know). ive managed to get a new password emailed to me from here and have changed passwords on other sites so none correspond but would like to know if or how someone managed to change my passwrod.

thanks
There's someone in my head, but it's not me
«1

Replies

  • AnthillmobAnthillmob Forumite
    11.8K Posts
    ✭✭✭✭✭
    right so no one knows then? not even staff?

    granted it is crimbo but id still like to know.
    There's someone in my head, but it's not me
  • QuasarQuasar Forumite
    121.7K Posts
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    ✭✭✭✭✭✭
    Hi Ant, I think you're not going to get a reply until after Boxing Day, when staff are back...:o
    Be careful who you open up to. Today it's ears, tomorrow it's mouth.
  • jamesdjamesd Forumite
    25.2K Posts
    Part of the Furniture 10,000 Posts Name Dropper
    ✭✭✭✭✭
    Anthillmob, it's fundamentally insecure to have anyone able to see the password or to store the actual password in a database. Something like a salted hash is the way to store passwords in a database, so they can be used but not retrieved and used at other sites by anyone who gets them through some security problem.

    While it is fundamentally insecure, it's not uncommon to find that passwords are stored in plain text. Any site that will tell you your password via email is not really secure. The secure way to do it is to change your password and tell you the new one, which is what you have to do if you don't store the plain text of the original password. It seems as though that is what has happened here - the more secure approach.

    If any bank will tell you your current password or PIN, please complain to their security department about their insecure by design system. They aren't following prudent system design principles which have been known for decades.

    The typical problem you see from one of the insecure sites is someone getting the account details, then using the email address and password at lots of other financial sites to see if they work there and transferring the money out of the account if they do.

    If you don't want a password for each site, two alternative approaches are:

    One high level and one low level password, high level used only for sites that let you move real money, low level for the rest. Very insecure but at least it prevents routine site logins from compromising your banking.

    Adding the first or second or last or whatever letter of the site to a base password. Then simple automated use of the password at other sites will fail.
  • Lola23Lola23 Forumite
    1.7K Posts
    Bake Off Boss!
    Anthillmob wrote:
    this morning i was logged out of MSE and unable to log in using my username and password.

    i know my password was correct because it is one i use on other sites (stupid i know). ive managed to get a new password emailed to me from here and have changed passwords on other sites so none correspond but would like to know if or how someone managed to change my passwrod.

    thanks


    I was logged out today too. Managed to get an email sent to me with a password but want to change it now as it's just a bunch of numbers.
    Not sure how to do it.
    :hello: Never say Never :smileyhea
  • nelly_2nelly_2
    17.9K Posts
    10,000 Posts Combo Breaker
    ✭✭✭✭✭
    Lola23 wrote:
    I was logged out today too. Managed to get an email sent to me with a password but want to change it now as it's just a bunch of numbers.
    Not sure how to do it.

    goto user cp and edit email and password its the second box down on the left
  • PoppycatPoppycat Forumite
    19.9K Posts
    Part of the Furniture 10,000 Posts Combo Breaker
    ✭✭✭✭✭
    I recommend a program like roboform that will store your usernames and passwords. It wil also create a safe password which no will be able to guess using its password generator

  • Lola23Lola23 Forumite
    1.7K Posts
    Bake Off Boss!
    nelly wrote:
    goto user cp and edit email and password its the second box down on the left


    Thank You....Changed it now.
    :hello: Never say Never :smileyhea
  • Lola23Lola23 Forumite
    1.7K Posts
    Bake Off Boss!
    Poppycat wrote:
    I recommend a program like roboform that will store your usernames and passwords. It wil also create a safe password which no will be able to guess using its password generator


    I start to get mixed up with all the passwords..work ones too.

    Was off work for a few days, and when back found myself trying to enter my bank password :eek:

    Will need to keep a note of them all somewhere safe right enough.
    :hello: Never say Never :smileyhea
  • nelly_2nelly_2
    17.9K Posts
    10,000 Posts Combo Breaker
    ✭✭✭✭✭
    Lola23 wrote:
    Thank You....Changed it now.

    What have you cahnged it too?:rotfl:
  • Lola23Lola23 Forumite
    1.7K Posts
    Bake Off Boss!
    nelly wrote:
    What have you cahnged it too?:rotfl:



    Now that would be telling......hee hee. ;)
    :hello: Never say Never :smileyhea
This discussion has been closed.
Latest MSE News and Guides

Avro Energy and Green cease trading

What it means for your gas & electrity

MSE News

Energy mythbusting

What really makes a difference?

MSE Guides

Free £6 Amazon credit for some

When you add £50 to gift card balance

MSE Deals