Attention - Password and Security Update - Page 2 - Ford Bronco Forum
 24Likes
Reply
 
LinkBack Thread Tools Display Modes
post #21 of 61 (permalink) Old 06-23-2016, 05:44 PM
Nothing beets a Fullsize
 
Kingfish999's Avatar
 
Join Date: May 2010
Location: Palm Harbor FL
Posts: 7,652
Bronco Info: 96 Bronco (5.8 DD E4OD), 88 Bronco Mudder (Engineless), 90 F250 (Explorer 5.0 4R70W)
iTrader: (21)
Garage
i dont mind a more complex password but seems abit overboard, especially with a special character. that makes my password more complex for a free forum than i use for my own bank account. not that i will forget it but still. most people wouldn't use the same password for a forum as they would something more important mainly because the important password would require the extra complexity. but that we have our passwords needing to be stronger, people may use the same password for both which would be worse off if either server was hacked

soo far this is the second place i received the same email. guess i may as well use the same password for both


-----96 5.0 E4OD--------------88 5.8 C6--------------96 5.8 E4OD------
---------KIA-------------------Mud/Trail---------------Daily Driver------
Kingfish999 is offline  
Sponsored Links
Advertisement
 
post #22 of 61 (permalink) Old 06-23-2016, 05:48 PM
Retired Staff
 
Join Date: Sep 2004
Location: Spring Grove, Illinois
Posts: 12,542
Bronco Info: 79 Bronco
iTrader: (22)
I'm in, thanks pepe!
BikerPepe` likes this.
Ranger429 is offline  
post #23 of 61 (permalink) Old 06-23-2016, 06:13 PM
Registered User
 
marshallnoise's Avatar
 
Join Date: Jun 2016
Location: Oceanside
Posts: 241
Bronco Info: '79 Custom
iTrader: (0)
Thanks for watching over this PeePee; you are not in an enviable position.

I admit, it is rather irritating. There was a music forum that I belonged to that got bought out by Musicians Friend (who Guitar Center bought a few years later). They destroyed the website. In the transition, they did a massive sweep like this though and I had a VERY old email address that hotmail gangstered from me that they used to send the password reset links when the whole site updated. It sucks loosing 10 years (now, 15) of history because of an administrative oversight.
BikerPepe` likes this.

1995 BMW 540i
'79 SHTF Daily Build
1997 Toyota 4Runner (locked)
marshallnoise is online now  
 
post #24 of 61 (permalink) Old 06-23-2016, 06:33 PM
Registered User
 
Join Date: Jun 2015
Location: New Jersey
Posts: 2
Bronco Info: 1995 Ford Bronco XLT Sport Black (5.8L)
iTrader: (0)
Garage
Quote:
Originally Posted by schwim View Post
...

The days of a script looping through 10,000 dictionary words to try to log into your account are long gone. Even when it doesn't work, it's a huge drain on server resources. Here's one example of how this should be protected against:

...

With 10 attempts, you could have a 4 character unrestricted password and would likely never see a compromised account.

...
To be fair, though, schwim, your argument is only valid if the passwords are successfully protected in the first place. Passwords are stored in an encrypted manner (and if they are not, then whatever system they are tied to should not exist) not to prevent brute force login attempts but to protect the passwords in the case that the database is compromised. If the database is protected, then it does not matter if if the passwords are encrypted. An administrator with direct access to the database could view the passwords stored in plain text, but this would be not visible to any end users.

However, if the database of passwords was compromised, this is where encryption and password security comes into play. As long as an attacker knows the encryption scheme that was used, (and there are some other little details that can also make this more difficult) then the attacker does not need to burden the login server with failed password attempts. Furthermore, any lockout mechanisms would have no effect if the attacker was trying to crack the password database by brute force on their own machine (with their own copy of the compromised database). They would have unlimited retries, and never be "locked out".

Therefore, if the sites security is breached, and encrypted passwords are leaked, then password complexity is still important.
He Who Plays is offline  
post #25 of 61 (permalink) Old 06-23-2016, 07:20 PM
Registered User
 
Join Date: Jul 2014
Posts: 659
Bronco Info: 1993 Bronco Custom Trim - 302 Stock - E4OD Transmission
iTrader: (0)
Quote:
Originally Posted by He Who Plays View Post
To be fair, though, schwim, your argument is only valid if the passwords are successfully protected in the first place. Passwords are stored in an encrypted manner (and if they are not, then whatever system they are tied to should not exist) not to prevent brute force login attempts but to protect the passwords in the case that the database is compromised. If the database is protected, then it does not matter if if the passwords are encrypted. An administrator with direct access to the database could view the passwords stored in plain text, but this would be not visible to any end users.

However, if the database of passwords was compromised, this is where encryption and password security comes into play. As long as an attacker knows the encryption scheme that was used, (and there are some other little details that can also make this more difficult) then the attacker does not need to burden the login server with failed password attempts. Furthermore, any lockout mechanisms would have no effect if the attacker was trying to crack the password database by brute force on their own machine (with their own copy of the compromised database). They would have unlimited retries, and never be "locked out".

Therefore, if the sites security is breached, and encrypted passwords are leaked, then password complexity is still important.
You posted an entire explanation of why this password complexity requirement is pointless and then added a final sentence of "ignore that it's actually important".

If they have the database they have unlimited attempts to crack whatever protection it has whether it be Salted or what. So you made your password more complex, doesn't change the end result.

This approach of "password complexity" smacks of some decision maker stuck in an early 00s technology battle. Password complexity is dead. It does nothing and helps no one in 2016. Password complexity only protects against Dictionary Attacks that have long since been thrown to the wayside as a waste of the criminals' time. That's why financial institutions and major corporate websites have moved on to Two Step Verification for security.

If FSB had moved to a Two Step Verification system that would have made sense. This does not.

1993 Ford Bronco Custom Trim w/ 302 V8
pollux is online now  
post #26 of 61 (permalink) Old 06-23-2016, 10:26 PM
House of Windsor 4ever!
 
Handy_andy_cv64's Avatar
 
Join Date: Jul 2006
Location: Everett, WA
Posts: 9,577
Bronco Info: 79 Ranchero GT/97 Eddie Bauer Exploder 5.0 AWD
iTrader: (2)
Garage
Interesting you bring up two-step verification; the XenForo "bulletin board" program has two-step verification built in but IIRC, it can be selected to not work, work on a voluntary basis or be required.

_____________________________________________

[Silver70] In 100 years, when astronauts visit the landing site, they'll stumble upon the little FSB rover with a busted driveshaft, twisted up on a moon-rock flexing the SAS, and think, "Man... those things can go anywhere. Screw Jeep."
Handy_andy_cv64 is offline  
post #27 of 61 (permalink) Old 06-24-2016, 01:25 AM
Harley's & Bronco's FTW!
 
BikerPepe`'s Avatar
 
Join Date: Feb 2003
Location: N.E. WA
Posts: 32,492
Bronco Info: '95 XLT, 5.8/E4OD/MassAir/6" lift/4.56's/35x12.5 BFG AT-KO2
iTrader: (4)
Garage
Quote:
Originally Posted by BikerPepe` View Post
ATTENTION: If you are one of those members and still had your old account connected to a bad email account, so you were forced to make a new login profile to get back on FSB, PLEASE NOTIFY A SITE ADMINISTRATOR. No bullshit though... we will be cross-referencing IP addresses to verify your claims.
We will merge your new account with your old account, so you will be properly tied to all your past postings and can avoid any of our Post Limit settings. Thank you all and our apologies for the inconvenience.
I'll be back on tomorrow... probably around 9 am, PST.
If you need help, just let me know and I'll do whatever I can.
Regular Moderators don't have the access to deal with your profiles directly, Redwagon is kinda hit-or-miss and jopes is "out fishing"... so I'm trying to do the best I can for everyone but I've got a life to deal with outside of FSB as well, so please be patient.

G'night.

"When life throws you a curve... LEAN INTO IT!"

SuperMotors - Since 2002
BikerPepe` is online now  
post #28 of 61 (permalink) Old 06-24-2016, 08:23 AM
Registered User
 
AUBronco's Avatar
 
Join Date: May 2005
Location: Birmingham, AL
Posts: 2,669
Bronco Info: 89 EB 302/ AOD/ 4:56/ Aussie Rear/ L/S front/ 3G/ 2.5" Lift/ 35" M/T's
iTrader: (7)
Back in. Thanks Pepe for the help. Got all my junk corrected now.
BikerPepe` likes this.

Patrick

89 EB Bronco: 302, AOD, 4:56's, Rear Aussie Locked, Front L/S and Warn Hubs, 35" M/T's, 2.5" lift, Custom front and rear bumpers and sliders .

More to come as soon as the bank says ok.
My supermotors page
AUBronco is offline  
post #29 of 61 (permalink) Old 06-24-2016, 10:11 AM
The Anti Yam!
 
Gacknar's Avatar
 
Join Date: Oct 2003
Location: Georgia, Douglasville
Posts: 22,716
Bronco Info: 86 Bronco XLT 357w/AOD
iTrader: (4)
Quote:
Originally Posted by BikerPepe` View Post
ATTENTION: If you are one of those members and still had your old account connected to a bad email account, so you were forced to make a new login profile to get back on FSB, PLEASE NOTIFY A SITE ADMINISTRATOR. No bullshit though... we will be cross-referencing IP addresses to verify your claims.
We will merge your new account with your old account, so you will be properly tied to all your past postings and can avoid any of our Post Limit settings. Thank you all and our apologies for the inconvenience.
This needs to be worded slightly differently and placed at the top of the main forum page.

It should also be a message automatically displayed each time a log in attempt fails and should include a contact to get in touch with to work through the problem.

I can word smith it if you like.

86 Bronco - 357W/AOD - 6" suspension lift, 3" body lift - 38" TSL Radials - 456:1 Gears
Sequential Multiport Mass-Air Fuel Injection from a 93 Mustang GT

My SuperMotors Site - My Engine

The Greatest Thread on FSB
Gacknar is offline  
post #30 of 61 (permalink) Old 06-24-2016, 11:59 AM
Harley's & Bronco's FTW!
 
BikerPepe`'s Avatar
 
Join Date: Feb 2003
Location: N.E. WA
Posts: 32,492
Bronco Info: '95 XLT, 5.8/E4OD/MassAir/6" lift/4.56's/35x12.5 BFG AT-KO2
iTrader: (4)
Garage
feel free Gack. I was fumbling about yesterday, trying to keep up with a lot of assistance requests and some of this debacle.
You know that any pop-up and failed log-in msg. creation is going to be on AutoGuide, afaik.

"When life throws you a curve... LEAN INTO IT!"

SuperMotors - Since 2002
BikerPepe` is online now  
post #31 of 61 (permalink) Old 06-24-2016, 01:04 PM
C-Dub_2.0
Guest
 
Posts: n/a
Quote:
Originally Posted by BikerPepe` View Post
Those guys are likely screwed. They'll probably have to make another log in identity to get back on FSB.

================================================== ============================


ATTENTION: If you are one of those members and still had your old account connected to a bad email account, so you were forced to make a new login profile to get back on FSB, PLEASE NOTIFY A SITE ADMINISTRATOR. No bullshit though... we will be cross-referencing IP addresses to verify your claims.
We will merge your new account with your old account, so you will be properly tied to all your past postings and can avoid any of our Post Limit settings. Thank you all and our apologies for the inconvenience.
Not sure what makes a bad email account, but i got locked out. Tried to reset password and got nothing. Tried "contact us" and nothing, granted that was only this morning.
post #32 of 61 (permalink) Old 06-24-2016, 01:42 PM
Harley's & Bronco's FTW!
 
BikerPepe`'s Avatar
 
Join Date: Feb 2003
Location: N.E. WA
Posts: 32,492
Bronco Info: '95 XLT, 5.8/E4OD/MassAir/6" lift/4.56's/35x12.5 BFG AT-KO2
iTrader: (4)
Garage
check yer PM's bud. help is on the way!
c-dub likes this.

"When life throws you a curve... LEAN INTO IT!"

SuperMotors - Since 2002
BikerPepe` is online now  
post #33 of 61 (permalink) Old 06-24-2016, 02:06 PM
FSM Lifetime
 
c-dub's Avatar
 
Join Date: Jan 2007
Location: Corner of no and where, KS
Posts: 3,982
Bronco Info: 96 xlt 5.8 (blk) e40d
iTrader: (4)
Quote:
Originally Posted by BikerPepe` View Post
check yer PM's bud. help is on the way!
...And we're back. No power in the verse can stop you. Thanks for the assist. The horror's i seen as a new forum member, the adds oh so many adds.
BikerPepe` likes this.


black 96 5.8 xlt sport, e40d, edelbrock intake, bassani y-pipe, bilstien shocks, 32"bfg's
azure blue 03 mach1 4.6 dohc


"Sorry - no matches. Please try some different terms."
c-dub is offline  
post #34 of 61 (permalink) Old 06-24-2016, 02:14 PM
Harley's & Bronco's FTW!
 
BikerPepe`'s Avatar
 
Join Date: Feb 2003
Location: N.E. WA
Posts: 32,492
Bronco Info: '95 XLT, 5.8/E4OD/MassAir/6" lift/4.56's/35x12.5 BFG AT-KO2
iTrader: (4)
Garage
man... if I got paid for this shit, I'd be asking for a raise!

glad we're getting folks all straightened out though. Sorry for the hassles everyone, not that we (your local member staff) had any control or say in it... but we're trying like hell to get everybody back in and on and taken care of.
c-dub likes this.

"When life throws you a curve... LEAN INTO IT!"

SuperMotors - Since 2002
BikerPepe` is online now  
post #35 of 61 (permalink) Old 06-24-2016, 04:51 PM
Kitteh Commandaar!
 
KC200787's Avatar
 
Join Date: Sep 2007
Location: Fort Meade, MD
Posts: 4,197
Bronco Info: 2006 F150 Lariet 4x4 ECSB - 5.4 Trition
iTrader: (2)
Working in technology field related to what is going on right now, this amuses me and frustrates me greatly when people make decisions like this . At any rate to the fourm admins - this problem has been forced upon you and I've been in that position for a big system...it sucks :


BTW - Brute Force Attacks for the win, all you need is time and you can crack anything

KC
BikerPepe` likes this.

My Supermotors PageMy vehicles:
DD - Truck: 2006 Ford F150 Lariet, Ext. Cab, 5.4, Auto, 105K
Truck: 1995 Ford F150, Ext. Cab, 5.0L, 5sp, 189k miles, 4x4, 31" Trailblazer Mud Terrains - currently broken
KC200787 is offline  
post #36 of 61 (permalink) Old 06-24-2016, 04:54 PM
Harley's & Bronco's FTW!
 
BikerPepe`'s Avatar
 
Join Date: Feb 2003
Location: N.E. WA
Posts: 32,492
Bronco Info: '95 XLT, 5.8/E4OD/MassAir/6" lift/4.56's/35x12.5 BFG AT-KO2
iTrader: (4)
Garage
for anyone having issues... I'll keep checking back in throughout the day.
luckily for everyone having problems... the weather is crap today, otherwise I'd be out painting bike parts and you'd all be burnt!
ok... not really, but you know me. gotta be a smart-ass if/when possible.


seriously though... shoot me a PM or leave a note here and I'll keep checking back in and get you taken care of.

"When life throws you a curve... LEAN INTO IT!"

SuperMotors - Since 2002
BikerPepe` is online now  
post #37 of 61 (permalink) Old 06-24-2016, 07:34 PM
Registered User
 
Join Date: Jul 2014
Posts: 659
Bronco Info: 1993 Bronco Custom Trim - 302 Stock - E4OD Transmission
iTrader: (0)
Proud to see the corporate ownership of the site is really breaking the trend of listening to users. They're not at all like the usual people who are given facts of why their decision is moronic and counter-intuitive but press ahead anyway and create more work for themselves.

Can't wait to hear when your database is stolen again in 8 months guys.

1993 Ford Bronco Custom Trim w/ 302 V8
pollux is online now  
post #38 of 61 (permalink) Old 06-27-2016, 03:28 PM Thread Starter
Administrator
 
fullsize's Avatar
 
Join Date: Sep 2009
Posts: 801
iTrader: (0)
Hey there,

We have posted to the sites letting users know how to go about changing their passwords. There are a few things that may have happened:
1) the email address wasn’t the current one you use
2) the email is getting blocked by spam or ending up in your junk folder.

If you have not received the password reset email, go to the site and use the password reset tool in the log in window. If this still is not working for you, please go to the contact us page at the bottom right hand corner of the screen and select the “other” field and insert the subject “password reset issue” .

sorry for the trouble. we are sorting out all the issues as they come in. thanks all!

~Shane
fullsize is offline  
post #39 of 61 (permalink) Old 06-27-2016, 03:56 PM
Registered User
 
Matco's Avatar
 
Join Date: Feb 2014
Location: So Cal
Posts: 624
Bronco Info: 96 5.8 4x4 2 inch lift springs up front, 33 inch Toyo Open Country MT
iTrader: (0)
What about the banner on the home page that says this
"Notice
SECURITY AND DATA BREACH NOTIFICATION CLICK HERE"

Is that a scam or virus link, I have not clicked on it for that reason, it seems out of place being purple...

White 1996 Bronco 5.8 4X4 2inch lift springs up front, sitting on 33x12.5x15 Toyo Open Country M/T's with 15x10 Method Double Standards
120 inches of LED light bar good for 100,000 lumens!!
Matco is online now  
post #40 of 61 (permalink) Old 06-27-2016, 04:59 PM
Harley's & Bronco's FTW!
 
BikerPepe`'s Avatar
 
Join Date: Feb 2003
Location: N.E. WA
Posts: 32,492
Bronco Info: '95 XLT, 5.8/E4OD/MassAir/6" lift/4.56's/35x12.5 BFG AT-KO2
iTrader: (4)
Garage
It was Vertical Scope's official notice and was likely very generic to share across a multitude of forums owned by AutoGuide / Vertical Scope.
I verified it for myself when it first was put on. That said... I'm not seeing it at all today.

"When life throws you a curve... LEAN INTO IT!"

SuperMotors - Since 2002
BikerPepe` is online now  
Reply

  Ford Bronco Forum > Welcome > Suggestions, Feedback & Site Help

Quick Reply
Message:
Options

Register Now



In order to be able to post messages on the Ford Bronco Forum forums, you must first register.
Please enter your desired user name, your email address and other required details in the form below.

User Name:
Password
Please enter a password for your user account. Note that passwords are case-sensitive.

Password:


Confirm Password:
Email Address
Please enter a valid email address for yourself. DO NOT USE Gmail.com accounts. If you only have a Gmail.com email please contact the administrator here

Email Address:
OR

Log-in









Human Verification

In order to verify that you are a human and not a spam bot, please enter the answer into the following box below based on the instructions contained in the graphic.



Thread Tools
Show Printable Version Show Printable Version
Email this Page Email this Page
Display Modes
Linear Mode Linear Mode



Posting Rules  
You may post new threads
You may post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On

 
For the best viewing experience please update your browser to Google Chrome