Your browser isn't supported
It looks like you're using an old web browser. To get the most out of the site and to ensure guides display correctly, we suggest upgrading your browser now. Download the latest:

Welcome to the MSE Forums

We're home to a fantastic community of MoneySavers but anyone can post. Please exercise caution & report spam, illegal, offensive or libellous posts/messages: click "report" or email forumteam@.

Search
  • FIRST POST
    • MSE Andrea
    • By MSE Andrea 14th Feb 18, 10:31 AM
    • 9,050Posts
    • 21,846Thanks
    MSE Andrea
    Password reset questions and feedback
    • #1
    • 14th Feb 18, 10:31 AM
    Password reset questions and feedback 14th Feb 18 at 10:31 AM
    Hi

    Sorry for the lack of notice to the password reset – we should have told you, but we didn’t want to draw attention to the spam creators.

    We wanted to clamp down on the amount of spam that gets posted to the forum, and one of the many measures taken was to ask everyone to reset their password, and thus help weed out the bots and disposable accounts.

    We’re sorry for the inconvenience caused, but hopefully most managed to easily reset theirs.

    If you can’t remember your password you can get a reset link sent to the email you used to register your account.

    If you've changed your email address please update it in your user profile settings. If you're having problems updating it e.g., you no longer have access to the email account you registered with please email the Forum Team telling us your original email address.

    As an extra measure we’ve also put in place a 90 day time limit for password expiry, and would appreciate your feedback.
    Last edited by MSE Andrea; 14-02-2018 at 11:08 AM.
    Could you do with a Money Makeover?


    Follow MSE on other Social Media:
    MSE Facebook, MSE Twitter, MSE Deals Facebook, MSE Deals Twitter, Forum Twitter, Instagram, Pinterest
    Join the MSE Forum
    Get the Free MoneySavingExpert Money Tips E-mail
    Report inappropriate posts: click the report button
    Point out a rate/product change
    Flag a news story: news@moneysavingexpert.com
Page 2
    • jackieblack
    • By jackieblack 14th Feb 18, 12:18 PM
    • 7,772 Posts
    • 11,363 Thanks
    jackieblack
    I suppose royally p***ing off all the regular/longstanding forum members to the extent that they give up using the forum completely will eventually reduce the attractiveness of the forum to the spammers...
    Problem solved?
    2.22kWp Solar PV system installed Oct 2010, Fronius IG20 Inverter,
    south facing (-5 deg), 30 degree pitch, no shading

    Quidquid Latine dictum sit altum videtur
    (Revera linguam latinam vix cognovi )
    • ScorpiondeRooftrouser
    • By ScorpiondeRooftrouser 14th Feb 18, 12:20 PM
    • 2,608 Posts
    • 4,135 Thanks
    ScorpiondeRooftrouser
    And still no answer to the simple question "has there been a security breach".

    The lack of a "no" implies extremely strongly that the answer is "yes".
    • Elona
    • By Elona 14th Feb 18, 12:27 PM
    • 216 Posts
    • 2,247 Thanks
    Elona
    I have lost my original user name and pms after being here since about 2005.

    My original e mail went odd over the new year and cannot be used so I am scuppered.

    I can't be the only one whose e mail address has changed and then found they could not change it on this site.
    • JReacher1
    • By JReacher1 14th Feb 18, 12:53 PM
    • 2,831 Posts
    • 3,866 Thanks
    JReacher1
    I think the site may have been hacked.

    It has asked us to change our password now twice in a week.

    This is either due to a security breach or some IT incompetence!
    • Wizard of Id
    • By Wizard of Id 14th Feb 18, 12:58 PM
    • 3,937 Posts
    • 14,598 Thanks
    Wizard of Id
    How can changing our password every 90 days stop spammers that use throwaway accounts and have average time on the site of less than 90 minutes?

    eta
    unless of course you intend to stop newbies posting for 91 days.
    Every man is innocent until proven broke.
    Cryin won't help you, prayin won't do you no good.

    Keep Moving in 2018 Challenge - Target 3333 miles
    This week - 80.6
    Total so far - 1833.8
    • newatc
    • By newatc 14th Feb 18, 1:02 PM
    • 246 Posts
    • 281 Thanks
    newatc
    If MSE want to kill off the forum, they are on the right track!
    • BooJewels
    • By BooJewels 14th Feb 18, 1:17 PM
    • 278 Posts
    • 207 Thanks
    BooJewels
    As I've said a couple of time before, investigate improving the captcha mechanism on sign-up.
    Originally posted by redux
    I used to administer some forums for a large organisation that had many and as an experiment, we tried splitting the captcha graphic into three smaller ones and in the page code separated them into separate cells in a table. To a human it was indiscernible, but the spambots couldn't get past the first 2 digits in the first cell. Spam plummeted significantly and they implemented it across all forums. It's a few years ago now, so technology may not work the same way, but it was a change that cost nothing to implement.

    I also got the 5 day password reset early on, but couldn't be bothered, so closed the tab. When I came back later and visited again, I was still logged in. So whatever they hoped to achieve didn't seemingly work.
    Last edited by BooJewels; 14-02-2018 at 1:19 PM. Reason: Clumsy language
    • ben501
    • By ben501 14th Feb 18, 1:27 PM
    • 271 Posts
    • 403 Thanks
    ben501
    I agree with this too, though I suspect there is probably no budget available for such improvements.
    Originally posted by Moneyineptitude



    Martin Lewis sells MoneySavingExpert for £87m | Money | The Guardian 2012
    Originally posted by Sal Harper
    I'm no expert but I don't see a connection. Martin sold MSE so it's no longer his to fix, and the new owners had £87m less to spend.

    That said, while the comment about 'no budget' may be true, I would have thought adding a new CAPTCHA would be quite cheap, and possibly easier than all the disruption currently ongoing. Only my personal opinion though, and I have no knowledge in the area.
    • Superscrooge
    • By Superscrooge 14th Feb 18, 1:27 PM
    • 1,081 Posts
    • 775 Thanks
    Superscrooge
    Surely there must be better ways to cut down on the number of spam posts?

    Newbies can't post links. Would it not be possible to have a similar arrangement where newbies either can't start a new thread for a number of days, or alternatively can only start one new thread a day?
    • BooJewels
    • By BooJewels 14th Feb 18, 1:41 PM
    • 278 Posts
    • 207 Thanks
    BooJewels
    Would it not be possible to have a similar arrangement where newbies either can't start a new thread for a number of days, or alternatively can only start one new thread a day?
    Originally posted by Superscrooge
    Or have newbie new threads subjected to mod approval first - as many newbies will join specifically to ask a question when they have a problem, so I would guess that statistically many newbies first post will be in their own new thread.
    • suki1964
    • By suki1964 14th Feb 18, 2:05 PM
    • 11,097 Posts
    • 29,642 Thanks
    suki1964
    Surely there must be better ways to cut down on the number of spam posts?

    Newbies can't post links. Would it not be possible to have a similar arrangement where newbies either can't start a new thread for a number of days, or alternatively can only start one new thread a day?
    Originally posted by Superscrooge
    Whilst I know Martin no longer has input to this site, the site ethos was never to stop new members posting. As he said they may finally reach here when they are desperate. Not being able to access help when searching for it may be the final straw for some

    Perhaps having to captcha for the first 20 posts might help
    if you lend someone £20 and never see that person again, it was probably worth it
    • joeypesci
    • By joeypesci 14th Feb 18, 2:11 PM
    • 506 Posts
    • 184 Thanks
    joeypesci
    Hi

    Sorry for the lack of notice to the password reset – we should have told you, but we didn’t want to draw attention to the spam creators.

    We wanted to clamp down on the amount of spam that gets posted to the forum, and one of the many measures taken was to ask everyone to reset their password, and thus help weed out the bots and disposable accounts.

    We’re sorry for the inconvenience caused, but hopefully most managed to easily reset theirs.

    If you can’t remember your password you can get a reset link sent to the email you used to register your account.

    If you've changed your email address please update it in your user profile settings. If you're having problems updating it e.g., you no longer have access to the email account you registered with please email the Forum Team telling us your original email address.

    As an extra measure we’ve also put in place a 90 day time limit for password expiry, and would appreciate your feedback.
    Originally posted by MSE Andrea
    Whats the point in giving feedback when you've ignored the feedback in the last thread. You are forcing people to change their password over an insecure connection so passwords and user names are sent in plain text. You're also allowing people to just use the same password.

    So ignoring those facts, the fact you're still not using SSL means are suggestions are meaningless as they are just being ignored.

    So changing to a 90 day change is just going to annoy everyone, again, because you'll just do it over an insecure connection. So people logging in on free WIFI may well be having their logins stolen. Which the spammers can then use.
    • redux
    • By redux 14th Feb 18, 2:32 PM
    • 18,208 Posts
    • 24,083 Thanks
    redux
    Or have newbie new threads subjected to mod approval first - as many newbies will join specifically to ask a question when they have a problem, so I would guess that statistically many newbies first post will be in their own new thread.
    Originally posted by BooJewels
    That might be ok on a modest sized forum, but on something this big approving pre-moderated new posts and threads would probably be a lot more work than the actual spam problem, and also might well alienate or disorientate new people whose posts didn't appear until 2 or 6 hours later.
    • Witless
    • By Witless 14th Feb 18, 2:37 PM
    • 640 Posts
    • 3,216 Thanks
    Witless
    Whats the point in giving feedback when you've ignored the feedback in the last thread. You are forcing people to change their password over an insecure connection so passwords and user names are sent in plain text. You're also allowing people to just use the same password.

    So ignoring those facts, the fact you're still not using SSL means are suggestions are meaningless as they are just being ignored.

    So changing to a 90 day change is just going to annoy everyone, again, because you'll just do it over an insecure connection. So people logging in on free WIFI may well be having their logins stolen. Which the spammers can then use.
    Originally posted by joeypesci
    Exactly what I feel: but much more articulate.
    • walesrob
    • By walesrob 14th Feb 18, 2:46 PM
    • 460 Posts
    • 1,141 Thanks
    walesrob
    Can't the forum admin use a vB plugin to regulate sign-ups? I'm admin on a forum myself, we use Xenforo with the Honeypot plugin which is great at stopping spam.
    I was born to be wild, but only until around 9pm or so.
    • BooJewels
    • By BooJewels 14th Feb 18, 3:24 PM
    • 278 Posts
    • 207 Thanks
    BooJewels
    That might be ok on a modest sized forum, but on something this big approving pre-moderated new posts and threads would probably be a lot more work than the actual spam problem[...].
    Originally posted by redux
    I decided that myself when I tried to navigate out of this forum after posting and saw just how many that there were and realised it would be a near-impossible task to keep on top of.
    • joeypesci
    • By joeypesci 14th Feb 18, 3:36 PM
    • 506 Posts
    • 184 Thanks
    joeypesci
    Can't the forum admin use a vB plugin to regulate sign-ups? I'm admin on a forum myself, we use Xenforo with the Honeypot plugin which is great at stopping spam.
    Originally posted by walesrob
    Because they are a business its probably seen as "not cost effective". At some point, it wouldn't surprise me if they dump the forum as a "cost saving". Which would be a mistake as I'm sure lots of people come here and read the main site because of the forum. If the forum goes, I suspect they'll get a lot less traffic to the main site.
    • molerat
    • By molerat 14th Feb 18, 4:40 PM
    • 18,775 Posts
    • 12,901 Thanks
    molerat
    We wanted to clamp down on the amount of spam that gets posted to the forum
    Originally posted by MSE Andrea
    Working then !
    www.helpforheroes.org.uk/donations.html
    • rtho782
    • By rtho782 14th Feb 18, 5:45 PM
    • 1,098 Posts
    • 801 Thanks
    rtho782
    Given that Letsencrypt offer free SSL certificates and would take all of 2-3 minutes to configure, there is literally zero excuse for not running this site on HTTPS other than incompetence or negligence.

    Which is it?

    Would you like me to configure it for you?
    Deposit Saved since 01/12/15: £13,000 / £15,000 House Bought!

    Debt Cleared since 01/12/15: £6,000 / £7,500
    • eschaton
    • By eschaton 14th Feb 18, 6:08 PM
    • 1,768 Posts
    • 1,545 Thanks
    eschaton
    Can MSE Andrea when looking for the feedback, just answer the questions that everyone is asking?


    1. Has the site been hacked?

    2. Has data on forum members been compromised in any way?


    Or does she just want to answer the posts that suit her?
Welcome to our new Forum!

Our aim is to save you money quickly and easily. We hope you like it!

Forum Team Contact us

Live Stats

3,078Posts Today

8,272Users online

Martin's Twitter
  • Quick #eng pre-match poll. What result do you predict?

  • I agree this glitch wasn't flights for 1p it was flights for c. £200 - I think many would've expected that to be th? https://t.co/QUTnlBLPkj

  • Was the BA fare glitch fair? Are you one of those let down by BA cancelling cheap flights to Tel Avivandr Dubai? H? https://t.co/PvN8Zaxbue

  • Follow Martin