Your browser isn't supported
It looks like you're using an old web browser. To get the most out of the site and to ensure guides display correctly, we suggest upgrading your browser now. Download the latest:

Welcome to the MSE Forums

We're home to a fantastic community of MoneySavers but anyone can post. Please exercise caution & report spam, illegal, offensive or libellous posts/messages: click "report" or email forumteam@.

Search
  • FIRST POST
    • MSE Andrea
    • By MSE Andrea 9th Feb 18, 3:09 PM
    • 9,006Posts
    • 21,792Thanks
    MSE Andrea
    Password update prompt
    • #1
    • 9th Feb 18, 3:09 PM
    Password update prompt 9th Feb 18 at 3:09 PM
    Hi everyone

    As eagle-eyed regular forum members have noticed already, we're asking you all to update your passwords. You should be doing this regularly for your own peace of mind.

    Some hadn't been updated for some time and we want to make sure you change them regularly.

    Thanks for your patience. Have a great weekend.

    Andrea
    Could you do with a Money Makeover?


    Follow MSE on other Social Media:
    MSE Facebook, MSE Twitter, MSE Deals Facebook, MSE Deals Twitter, Forum Twitter, Instagram, Pinterest
    Join the MSE Forum
    Get the Free MoneySavingExpert Money Tips E-mail
    Report inappropriate posts: click the report button
    Point out a rate/product change
    Flag a news story: news@moneysavingexpert.com
Page 4
    • cajef
    • By cajef 10th Feb 18, 2:32 PM
    • 4,744 Posts
    • 3,787 Thanks
    cajef
    Worth noting that your system allows the old password to be reused.
    Originally posted by neilmcl
    I tried that and was told my old password was too short and I needed to enter a minimum of eight characters.

    I have been a member since 2005 and this is the first time I have been told I have to change my password.
    I used to have a handle on life, but it broke.
    • tronator
    • By tronator 10th Feb 18, 2:47 PM
    • 2,660 Posts
    • 1,476 Thanks
    tronator
    MSE has an ongoing project to add encrypted connection support. It's not supported by this version of the forum software and it's not easy for the biggest places to upgrade or change forum software.
    Originally posted by jamesd
    I highly doubt that the vBulletin doesn't support SSL.
    https://www.vbulletin.org/forum/showpost.php?p=2574789&postcount=3

    SSL should transparent to the software used. You just need to use relative URLs throughout your site instead of hard coding http:// into the script and css URLs.

    The only problem I see is external mixed content. But most (if not all) file hosting services are ussing SSL these days. So it's only a matter of changing links of embedded content to https.
    • onomatopoeia99
    • By onomatopoeia99 10th Feb 18, 2:51 PM
    • 4,181 Posts
    • 9,394 Thanks
    onomatopoeia99

    As eagle-eyed regular forum members have noticed already, we're asking you all to update your passwords. You should be doing this regularly for your own peace of mind.
    Originally posted by MSE Andrea
    Please explain why. Unless your database has been compromised ( which you would tell us, wouldn't you?) there should be no need to change passwords every five minutes.

    Actually, what would be more helpful to know is why the main website is served over https (indeed it is force redirected there if one connects via http) despite containing mainly static content, yet this part of the site which requires a login has no certificate and cannot be reached over https. That's backwards.
    INTP, nerd, libertarian and scifi geek.
    Home is where my books are.
    • luxor4t
    • By luxor4t 10th Feb 18, 3:17 PM
    • 10,061 Posts
    • 36,301 Thanks
    luxor4t
    I tried replacing my old password with the same word but it seems my 'perfectly OK for the last however many years' password was too short for MSE now. So I have replaced it with a different word of exactly the same length - which was accepted.
    Confused? Yes, me too.
    I can cook and sew, make flowers grow.
  • jamesd
    I highly doubt that the vBulletin doesn't support SSL.
    Originally posted by tronator
    MSE is using version 3.8.4 which was released in 2009 then heavily customised. Whatever the details this old version was given by MSE as a reason for not yet using https here.
    Last edited by jamesd; 10-02-2018 at 9:15 PM.
    • tealady
    • By tealady 10th Feb 18, 7:31 PM
    • 2,776 Posts
    • 3,312 Thanks
    tealady
    As a matter of good security you should make sure your email address and password on other sites, like Amazon and Ebay are NOT the same as you have here or on any other forum.

    Without any further information it would still be prudent to change your password on any other sites where you may have used the same password with the same email address.

    And as annoying as it may seem, don't change your password here back to the same as it was.
    Originally posted by Lorian
    The password I use for MSE is nothing like the one I use for important stuff like baning.
    My MSE password is one I use for general chat room stuff so I couldn't give a monkeys if people guess what it is.
    Proud to be an MSE nerd
    Judge people by their achievements, not by their mistakes
    • GibbsRule No3.
    • By GibbsRule No3. 10th Feb 18, 8:40 PM
    • 3 Posts
    • 3 Thanks
    GibbsRule No3.
    Yay! They fixed it for me and on a weekend. Back to my old user name. Thank you MSE and two others who know who they are. Darn maybe it is not fixed, this is the new name.
    Paddle No 21
    • GibbsRule No3
    • By GibbsRule No3 10th Feb 18, 8:48 PM
    • 657 Posts
    • 382 Thanks
    GibbsRule No3
    Okay, so I logged out of the new name and logged in again with the old one, so hopefully this post does appear as my old self.
    Paddle No 21
    • Moneyineptitude
    • By Moneyineptitude 10th Feb 18, 9:18 PM
    • 20,151 Posts
    • 11,095 Thanks
    Moneyineptitude
    Darn maybe it is not fixed, this is the new name.
    Originally posted by GibbsRule No3 with 3 posts .
    Okay, so I logged out of the new name and logged in again with the old one, so hopefully this post does appear as my old self.
    Originally posted by GibbsRule No3 with 643 posts
    Well done Gibbs (No4?)
    • Alan Cross
    • By Alan Cross 11th Feb 18, 12:29 PM
    • 1,134 Posts
    • 1,130 Thanks
    Alan Cross
    This all smacks of MSE having been hacked... and I mean big time...

    What are we not being told?
    • venison
    • By venison 11th Feb 18, 2:16 PM
    • 2,051 Posts
    • 2,198 Thanks
    venison
    arghh drove me crazy as it wouldn't accept my email address even though Ive been using it for 2 years, had to use another email before it let me back into MSE with a new password.Never mind
    Last edited by venison; 11-02-2018 at 2:40 PM.
    Ex Board Guide
    • parkrunner
    • By parkrunner 11th Feb 18, 5:54 PM
    • 1,096 Posts
    • 1,731 Thanks
    parkrunner
    Which will happen first,

    1) we get an honest answer?
    2) this thread gets closed?
    • avogadro
    • By avogadro 11th Feb 18, 6:27 PM
    • 4,003 Posts
    • 7,100 Thanks
    avogadro
    I've just been prompted to update mine, as it's 110 days old! Very strange.
    • tghe-retford
    • By tghe-retford 11th Feb 18, 6:42 PM
    • 364 Posts
    • 4,162 Thanks
    tghe-retford
    All these people so concerned about security that they haven't changed their password in over 10 years.....

    Originally posted by Twopints
    A strong, secure password containing a sixteen character string of small and capital letters, numbers and symbols will take a quarter of a trillion to a trillion years to crack. I think ten years is not an issue if you follow good security advice.
    • renifer7
    • By renifer7 12th Feb 18, 12:33 AM
    • 147 Posts
    • 449 Thanks
    renifer7
    The website is not even using https for the password change page. So all passwords (old and new) are send in plain text over the internet and we can keep using our existing password. So this is a complete non-action.
    I think that MoneySavingExpert may have serious problems with the upcoming Data Protection Legislations coming into force in May this year .
    Well, at least it made me aware that MSE doesn't take security very serious.
    Originally posted by steppevos
    Same here, was very surprised to get the warning from my browser about the unsecure connection. I do have HTTPS everywhere but I'm guessing it's not enough. Not Impressed to say the least.
    Someone mentioned there's no point in hacking someone's MSE Forum account - maybe there is, maybe there isn't, if someone happens to use the same password as here for their email address, which is ALSO here, then this is definitely a problem.

    Must...remember...cashback......
    • eschaton
    • By eschaton 12th Feb 18, 5:07 PM
    • 1,756 Posts
    • 1,528 Thanks
    eschaton
    The silence from MSE is deafening!
    • parkrunner
    • By parkrunner 12th Feb 18, 6:02 PM
    • 1,096 Posts
    • 1,731 Thanks
    parkrunner
    The silence from MSE is deafening!
    Originally posted by eschaton
    Hardly surprising, they don't want to dig themselves any deeper.
    • Jinhao159
    • By Jinhao159 12th Feb 18, 6:24 PM
    • 13 Posts
    • 88 Thanks
    Jinhao159
    No response from MSE over the weekend is maybe not too surprising. However, I would have expected something by now.

    Perhaps a request via the Data Commissioners Office. If MSE has been hacked they should have reported it.

    Someone at MSE needs to wake up and tell us what is going on.

    MORE IMPORTANTLY, MSE NEEDS TO PROVIDE A SECURE METHOD OF CHANGING PASSWORDS, ESPECIALLY AS THIS IS SUPPOSEDLY TO IMPROVE SECURITY

    I have tried sending a twitter message to @MartinSLewis and @MoneySavingExp along with Facebook. These didn't result in a response from Staurday so not expecting much.

    Also reported it as a technical problem.
    Last edited by Jinhao159; 12-02-2018 at 6:47 PM. Reason: Edited to show methods used to try to get an answer
    • jackieblack
    • By jackieblack 12th Feb 18, 6:46 PM
    • 7,716 Posts
    • 11,273 Thanks
    jackieblack
    All these people so concerned about security that they haven't changed their password in over 10 years.....
    Originally posted by Twopints
    It's a forum! It's not banking, there's no financial or personal information stored...
    Really... Even if someone did have obtain my password (which is more likely now we've had to change it using an unsecure web page than it was in the last 11 years) what's the worst that could happen?
    2.22kWp Solar PV system installed Oct 2010, Fronius IG20 Inverter,
    south facing (-5 deg), 30 degree pitch, no shading

    Quidquid Latine dictum sit altum videtur
    (Revera linguam latinam vix cognovi )
    • poppy10
    • By poppy10 12th Feb 18, 10:02 PM
    • 5,939 Posts
    • 7,184 Thanks
    poppy10
    If it's a hack MSE have a duty to let us know. Just saying this isn't a banking site doesn't mean it doesn't have to obey the law. Our email addresses are personal information and if these have been obtained by hackers then MSE are obliged to inform us
    Signature changed by MSE ForumTeam
Welcome to our new Forum!

Our aim is to save you money quickly and easily. We hope you like it!

Forum Team Contact us

Live Stats

348Posts Today

4,187Users online

Martin's Twitter
  • It's the start of mini MSE's half term. In order to be the best daddy possible, Im stopping work and going off line? https://t.co/kwjvtd75YU

  • RT @shellsince1982: @MartinSLewis thanx to your email I have just saved myself £222 by taking a SIM only deal for £7.50 a month and keeping?

  • Today's Friday twitter poll: An important question, building on yesterday's important discussions: Which is the best bit of the pizza...

  • Follow Martin