Password update prompt
Comments
-
I was concerned as I!!!8217;d only just changed my password, after MacBook trouble and losing lots of stuff. It was so long ago that I joined MSE that I couldn!!!8217;t remember my password and no longer use the original email.
Password expired after 13 days!
Grateful for prompt response from team, though.Member #14 of SKI-ers club
Words, words, they're all we have to go by!.
(Pity they are mangled by this autocorrect!)0 -
MSE_Andrea wrote: »Hi,
I’m sorry for the delay replying.
This isn’t the first time we’ve sent a prompt out in this or other ways. MSE’s priority is to ensure your security so we’ve prompted everyone to change them.
We realise it might be frustrating but your security comes first.
That sounds crazy (at least to me).
Andrea - perhaps you could comment on the security concerns expressed by a number of posters.frankennsteiny wrote: »But our security isn't coming first when we are being asked to put a new password in over an unsecure connection leaving us open to hackers.
This is taken from Chrome and is the same for firefox surely a massive site like mse should be a lot more secure.Info or Not secure
The site isn't using a private connection. Someone might be able to see or change the information you send or get through this site.
You might see a "Login not secure" or "Payment not secure" message. We suggest that you don't enter sensitive details, like passwords or credit cards.
On some sites, you can visit a more secure version of the page:
- Select the address bar.
- Delete http://, and enter https:// instead.
0 -
As a matter of good security you should make sure your email address and password on other sites, like Amazon and Ebay are NOT the same as you have here or on any other forum.
Without any further information it would still be prudent to change your password on any other sites where you may have used the same password with the same email address.
And as annoying as it may seem, don't change your password here back to the same as it was.0 -
MSE_Andrea wrote: »Hi,
I’m sorry for the delay replying.
This isn’t the first time we’ve sent a prompt out in this or other ways. MSE’s priority is to ensure your security so we’ve prompted everyone to change them.
We realise it might be frustrating but your security comes first.
I wish there would be a "No Thanks" button. Have you even read the comments? There were people who were asked to change their password after just 11 days.
Why is this site not using HTTPS if "our security comes first"? In the day and age of Let's Encrypt there is absolutely no excuse for not using HTTPS.
Finally, changing passwords doesn't increase any security. The NIST changed their recommendations about it last year. If someone uses a strong password and don't use it anywhere else, it doesn't make it more secure. But first YOU should make YOUR site more secure as all passwords are sent in PLAIN TEXT OVER THE INTERNET.
</rant over>0 -
Pointless waste of time.
WHY?DFW Nerd 0350 -
If this was planned and is meant to improve security by making us change passwords on a regular basis that would be OK. However, if that was the case I would have expected to have been warned about the change of policy.
I refuse to change my password on an insecure page. What is wrong with using https://
I have signed up as a new user, using an old email address that I haven't used for several years. At least if my details are intercepted they wont get any current info that is connected to my old log in.
Also having trouble posting as I keep getting messages saying the site is experiencing technical problems.
Lack of response from MSE and timing makes me more and more suspicious that there has been a security breach and they don't want to comment until they know exactly what has happened.
MSE would be quick to criticise other companies and sites for such a lack of response and forcing users to use an insecure method of changing passwords:mad:
No need to be nice in any replies, I am not really a newbie :-)
0 -
MSE_Andrea wrote: »Hi,
I’m sorry for the delay replying.
This isn’t the first time we’ve sent a prompt out in this or other ways. MSE’s priority is to ensure your security so we’ve prompted everyone to change them.
We realise it might be frustrating but your security comes first.
That simply isn't true as you have asked us to update on a non secure connection, so how about the real reason?It's nothing , not nothink.0 -
AnotherJoe wrote: »how does me changing my password from abcde to defgh makes me more secure ?
Attempts to use the old details for your accounts elsewhere are still possible and it's particularly unwise to reuse unencrypted login details at other places for that reason.
MSE has an ongoing project to add encrypted connection support. It's not supported by this version of the forum software and it's not easy for the biggest places to upgrade or change forum software.
This place started in a much lower threat environment than we have today and the increasing use of mobile devices in public places further increases the risk.
So the regular changes are a workaround for an inherent weakness in the forum software login process.0 -
The other thread on this subject has now been closed with the comment that it's confusing having 2 threads on the same subject (I agree).
However, the thread that's been closed was started before this - the 'official' one. :whistle:0 -
Worth noting that your system allows the old password to be reused.
I have been a member since 2005 and this is the first time I have been told I have to change my password.0
This discussion has been closed.
Categories
- All Categories
- 343.1K Banking & Borrowing
- 250.1K Reduce Debt & Boost Income
- 449.7K Spending & Discounts
- 235.2K Work, Benefits & Business
- 607.8K Mortgages, Homes & Bills
- 173K Life & Family
- 247.8K Travel & Transport
- 1.5M Hobbies & Leisure
- 15.9K Discuss & Feedback
- 15.1K Coronavirus Support Boards