Attention - Password and Security Update - Ford Bronco Forum
post #1 of 59 (permalink) Old 06-14-2016, 11:58 AM Thread Starter
Administrator
 
fullsize's Avatar
 
Join Date: Sep 2009
Posts: 786
Attention - Password and Security Update

Hello all,

Over the next few days we will be implementing some changes to our forum password strength and password expiration policies. To make sure you continue having the best experience possible on the community, we regularly monitor the site and the Internet to keep everyone's account information safe. We've recently become aware of a potential risk to some accounts coming from outside of this community. Just to be safe, we are implementing the following changes to improve security even further:

1) We are asking everyone to change their passwords (and will force a one-time reset). Along with every user on the forum, new passwords will need to be more complex, and can't be simple words (sorry, you can't have "fluffy" as your password anymore!). Please use a password unique to this community. Reusing passwords can expose your account indirectly when other websites (Twitter, LinkedIn, Badoo, etc) are compromised; and

2) Your passwords will expire on a 365 day basis. When you log in on the 366th day, you will have to change it.

We'll also be sending out an email to users to let them know about the changes, in upcoming weeks.

Thanks all,

Helena

Community Management
fullsize is offline  
post #2 of 59 (permalink) Old 06-14-2016, 01:10 PM
The Anti Yam!
 
Gacknar's Avatar
 
Join Date: Oct 2003
Location: Georgia, Douglasville
Posts: 22,705
Bronco Info: 86 Bronco XLT 357w/AOD
Do you have the guidelines for the new passwords ready?
Minimum number of characters, numerals, upper/lower case?
BikerPepe` and B-man like this.

86 Bronco - 357W/AOD - 6" suspension lift, 3" body lift - 38" TSL Radials - 456:1 Gears
Sequential Multiport Mass-Air Fuel Injection from a 93 Mustang GT

My SuperMotors Site - My Engine

The Greatest Thread on FSB
Gacknar is online now  
post #3 of 59 (permalink) Old 06-14-2016, 05:48 PM Thread Starter
Administrator
 
fullsize's Avatar
 
Join Date: Sep 2009
Posts: 786
A good password/required would include 1 Upper case character, 1 lower case, 1 number and 1 special character. At least 10 characters long.

Lee
fullsize is offline  
 
post #4 of 59 (permalink) Old 06-14-2016, 06:05 PM
Registered User
 
Join Date: Nov 2015
Location: SW Ohio
Posts: 350
Bronco Info: 1981 Bronco, 4.9L, T18, NP208
Just saw this exact same message on the only other forum I regularly visit. Hmmm...
SRWillis is offline  
post #5 of 59 (permalink) Old 06-14-2016, 06:44 PM
Resident Nice Guy
 
schwim's Avatar
 
Join Date: Oct 2015
Location: Western NC, US
Posts: 952
Bronco Info: 1979 Ranger XLT, 351m, 4 speed
Garage
Quote:
Originally Posted by SRWillis View Post
Just saw this exact same message on the only other forum I regularly visit. Hmmm...
There's usually a bandwagon mentality in the site management community that does this type of thing after an exploit is found in the software they're using.

The fallacy of forcing password changes and complexity notwithstanding, my suggestion is always this:

To protect yourself from these "making you more secure" types of interruptions in your web browsing, come up with a password that matches the most common requirements:

letters and numbers
caps and lower case
one special character
around 12 characters

That's about all site owners can force on you, so "USMC0341yut!" is a password that will get accepted almost anywhere.

When you're forced to change a password and you'd rather not, change your password and then immediately change it back to what you'd like. Almost no canned and premade web scripts are written to store old passwords to make sure you're not reusing them. Us scripters and programmers seem to be pretty lazy :)

For safety's sake, ignore everything I've said above, change your passwords every 7 hours and use a different password everywhere so you have to write them down somewhere to remember them. Only then will you be completely secure.
Woogeroo likes this.

This is my signature. There are many like it, but this one is mine.
My signature is my best friend. It is my life. I must master it as I must master my life.

Schwim! A social site with an identity crisis.
schwim is online now  
post #6 of 59 (permalink) Old 06-22-2016, 01:16 AM
Busy Plowing...
 
BikerPepe`'s Avatar
 
Join Date: Feb 2003
Location: N.E. WA
Posts: 31,787
Bronco Info: '95 XLT, 5.8/E4OD/MassAir/6" lift/4.56's/35x12.5 BFG AT-KO2 or 33x12.5 GYW Duratrac
Garage
Just an FYI... in-case you didn't get/see it for yourself.
[Attached image: fsb_pswrd_ntc.jpg]

"When life throws you a curve... LEAN INTO IT!"

SuperMotors - Since 2002
BikerPepe` is online now  
post #7 of 59 (permalink) Old 06-23-2016, 12:37 PM
The Anti Yam!
 
Gacknar's Avatar
 
Join Date: Oct 2003
Location: Georgia, Douglasville
Posts: 22,705
Bronco Info: 86 Bronco XLT 357w/AOD
No, I didn't see it, not until after they changed my password.
So when I went to get on today I had been logged out, which is unusual, and it would not let me log back in.

Checked email and there's a reset notice.

So what's the plan for the Many, Many members who didn't see this announcement and have their FSB account tied to a defunct email account?

86 Bronco - 357W/AOD - 6" suspension lift, 3" body lift - 38" TSL Radials - 456:1 Gears
Sequential Multiport Mass-Air Fuel Injection from a 93 Mustang GT

My SuperMotors Site - My Engine

The Greatest Thread on FSB
Gacknar is online now  
post #8 of 59 (permalink) Old 06-23-2016, 02:06 PM
Busy Plowing...
 
BikerPepe`'s Avatar
 
Join Date: Feb 2003
Location: N.E. WA
Posts: 31,787
Bronco Info: '95 XLT, 5.8/E4OD/MassAir/6" lift/4.56's/35x12.5 BFG AT-KO2 or 33x12.5 GYW Duratrac
Garage
Those guys are likely screwed. They'll probably have to make another log in identity to get back on FSB.

==============================================================================


ATTENTION: If you are one of those members and still had your old account connected to a bad email account, so you were forced to make a new login profile to get back on FSB, PLEASE NOTIFY A SITE ADMINISTRATOR. No bullshit though... we will be cross-referencing IP addresses to verify your claims.
We will merge your new account with your old account, so you will be properly tied to all your past postings and can avoid any of our Post Limit settings. Thank you all and our apologies for the inconvenience.

"When life throws you a curve... LEAN INTO IT!"

SuperMotors - Since 2002
BikerPepe` is online now  
post #9 of 59 (permalink) Old 06-23-2016, 02:15 PM
Registered User
 
Join Date: Jul 2014
Posts: 632
Bronco Info: 1993 Bronco Custom Trim - 302 Stock - E4OD Transmission
What a huge waste of time for everyone. Like I'm worried about people stealing my account on a forum about trucks.

Congrats, your password requirement is more ridiculous than my financial institution's.
pollux is offline  
post #10 of 59 (permalink) Old 06-23-2016, 02:28 PM
Busy Plowing...
 
BikerPepe`'s Avatar
 
Join Date: Feb 2003
Location: N.E. WA
Posts: 31,787
Bronco Info: '95 XLT, 5.8/E4OD/MassAir/6" lift/4.56's/35x12.5 BFG AT-KO2 or 33x12.5 GYW Duratrac
Garage
always a ray of sunshine, eh pollux?

Many users are guilty of using the same passwords for many different sites, so having your profile info and the password could lead to other accounts you have being hacked.
If your financial institution's password requirements are less than those here at FSB, your financial institution sucks!

Thanks for your input and Have a nice Day.

"When life throws you a curve... LEAN INTO IT!"

SuperMotors - Since 2002
BikerPepe` is online now  
post #11 of 59 (permalink) Old 06-23-2016, 02:28 PM
Resident Nice Guy
 
schwim's Avatar
 
Join Date: Oct 2015
Location: Western NC, US
Posts: 952
Bronco Info: 1979 Ranger XLT, 351m, 4 speed
Garage
Quote:
Originally Posted by pollux View Post
What a huge waste of time for everyone. Like I'm worried about people stealing my account on a forum about trucks.

Congrats, your password requirement is more ridiculous than my financial institution's.
Not only that but their breach was caused by their lack of security and had nothing to do with the strength of our passwords. Using special characters in my PW isn't going to help them secure their code.

WTB: some logic, paying handsomely.

This is my signature. There are many like it, but this one is mine.
My signature is my best friend. It is my life. I must master it as I must master my life.

Schwim! A social site with an identity crisis.
schwim is online now  
post #12 of 59 (permalink) Old 06-23-2016, 02:32 PM
Busy Plowing...
 
BikerPepe`'s Avatar
 
Join Date: Feb 2003
Location: N.E. WA
Posts: 31,787
Bronco Info: '95 XLT, 5.8/E4OD/MassAir/6" lift/4.56's/35x12.5 BFG AT-KO2 or 33x12.5 GYW Duratrac
Garage
oh jeez... seriously? you too schwim?

so... would you rather they did nothing at all? we don't know what kind of other changes were made on the back end.
fwiw, my bank just did a similar update to the password requirements about 6 months ago, so I pretty much expected this to happen all over the place... sooner or later.

As hackers get better, as p-word breaking code and computing speed improve, we all have to upgrade to keep our shit safe.




oh well. whatever. Haters gonna hate.

"When life throws you a curve... LEAN INTO IT!"

SuperMotors - Since 2002
BikerPepe` is online now  
post #13 of 59 (permalink) Old 06-23-2016, 02:38 PM
Registered User
 
Join Date: Jul 2014
Posts: 632
Bronco Info: 1993 Bronco Custom Trim - 302 Stock - E4OD Transmission
You still aren't acknowledging what schwim is saying. It does not matter what our passwords are if the databases with the passwords in them are stolen which is what's been happening all over the web. This is not our problem, this is site management's problem and they're obfuscating responsibility to those who don't understand how this all functions.

My password could be DoD level and it wouldn't matter because they will have it when they take the entire poorly protected datasets. Throwing the responsibility on the end user to make up a ridiculous 10 character length password with special characters and numbers and upper and lower case doesn't help anyone besides hugely increase the odds that this forum's generally older population will keep having to reset their accounts.
Woogeroo and marshallnoise like this.

1993 Ford Bronco Custom Trim w/ 302 V8
pollux is offline  
post #14 of 59 (permalink) Old 06-23-2016, 02:48 PM
Resident Nice Guy
 
schwim's Avatar
 
Join Date: Oct 2015
Location: Western NC, US
Posts: 952
Bronco Info: 1979 Ranger XLT, 351m, 4 speed
Garage
Quote:
Originally Posted by BikerPepe` View Post
oh jeez... seriously? you too schwim?

so... would you rather they did nothing at all? we don't know what kind of other changes were made on the back end.
fwiw, my bank just did a similar update to the password requirements about 6 months ago, so I pretty much expected this to happen all over the place... sooner or later.

As hackers get better, as p-word breaking code and computing speed improve, we all have to upgrade to keep our shit safe.




oh well. whatever. Haters gonna hate.
No hate at all good sir. Some of us just understand that our passwords had absolutely nothing at all to do with their loss of stored information. What happened to them is like someone taking your wallet out of your back pocket and handing it to a bad guy, then telling you that it wouldn't have happened if you had owned a nicer wallet.

Speaking of wallets, can anyone name the movie this was in without Googling? I got it for Christmas a few years ago.



Personally, it's no bother to me. I store all my passwords in my browser and it automatically updates the info when it detects a new one.

I promise not to derail the topic any further. I've changed my password and am now more secure for it.

This is my signature. There are many like it, but this one is mine.
My signature is my best friend. It is my life. I must master it as I must master my life.

Schwim! A social site with an identity crisis.
schwim is online now  
post #15 of 59 (permalink) Old 06-23-2016, 02:56 PM
Busy Plowing...
 
BikerPepe`'s Avatar
 
Join Date: Feb 2003
Location: N.E. WA
Posts: 31,787
Bronco Info: '95 XLT, 5.8/E4OD/MassAir/6" lift/4.56's/35x12.5 BFG AT-KO2 or 33x12.5 GYW Duratrac
Garage
Quote:
Originally Posted by pollux View Post
You still aren't acknowledging what schwim is saying.
Really? Pretty sure I did.

Quote:
Originally Posted by BikerPepe` View Post
we don't know what kind of other changes were made on the back end.
I would assume... the same as my own bank did, they upgraded the back end and the new updates to secure the database on the server from getting hacked would also require a new, tougher password scheme. This is just a PART of the security upgrades put into place after they got hacked.

I would expect that schwim should know this already.


Your local staff (moderators and administrators) don't work for Auto Guide/Vertical Scope or anyone else for that matter. We just volunteer our time to help out the members of our site... because we love the place and want to contribute to keeping it as good as we can.
We are not privy to the deeper goings on of Auto Guide/Vertical Scope and can't answer questions about the technology that drives the forums. We can only assist members with the more basic and rudimentary functions of the site.
So... I don't really know any more than you guys but applying a little common sense and not having a flat out pissed off and negative view of the company who has run and owns this forum lead me to believe that this change is just a part of the larger picture.

Do they screw up now and then? Absolutely.
Are they perfect? Not only no... but hell no.
Did they piss off about 80% of the members when they upgraded the forum to a new format... obviously.

Do they do as good a job as they can considering they own, probably 75% of all the successful automotive related forums on the internet... I don't know, but I'd like to think so.


Nobody blamed our passwords for them getting hacked. Our passwords obviously would NOT have given them that kind of access.
I don't know why you guys are taking this so personally... other than you're pissed off at being a little inconvenienced this morning, despite everyone being notified in 3 different threads for the last week.
Obviously... it wasn't that big of a deal or we wouldn't be logged in here bitching about it.

"When life throws you a curve... LEAN INTO IT!"

SuperMotors - Since 2002

Last edited by BikerPepe`; 06-23-2016 at 03:04 PM.
BikerPepe` is online now  
post #16 of 59 (permalink) Old 06-23-2016, 03:06 PM
Resident Nice Guy
 
schwim's Avatar
 
Join Date: Oct 2015
Location: Western NC, US
Posts: 952
Bronco Info: 1979 Ranger XLT, 351m, 4 speed
Garage
Hi there Pepe,

I just wanted to explain the flaw in thinking that you need a password that's unbreakable by machines.

The days of a script looping through 10,000 dictionary words to try to log into your account are long gone. Even when it doesn't work, it's a huge drain on server resources. Here's one example of how this should be protected against:

Allow up to 10 consecutive attempts to log in. Provide visual warnings to the visitor that they are nearing lockout. Once locked out, the IP addresses used in the attempts are blacklisted to save on wasted server responses and the forum sends an email to the address on record letting them know of the lockout with a link to reactivate their account. Only the holder of the account should have access to the email address, so this would be considered sufficient in regards to security to regain access to the account and would not involve a mod or admin to help.

This method also doesn't have to worry about spoofing IP addresses and UA strings. The forum wouldn't care about the location of the login attempt. 10 tries and you're done. You can reset the attempts field at 24 hours to keep the database table clean.

With 10 attempts, you could have a 4 character unrestricted password and would likely never see a compromised account.

More important than a complex pattern is to not use the most common passwords as that is what scripts are designed to use to try to log in.
Woogeroo likes this.

This is my signature. There are many like it, but this one is mine.
My signature is my best friend. It is my life. I must master it as I must master my life.

Schwim! A social site with an identity crisis.
schwim is online now  
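The lockout scheme described in post #16 above, as an added example that is not part of the original thread or of the forum's software: ten consecutive failures lock the account whatever address they come from, the addresses used are blocked, and a reactivation token is mailed to the address on record. The class name, the warning threshold, the mailer hook, the 24-hour ageing of address blocks and the hashing of the stored token are assumptions.

```python
import hashlib
import hmac
import secrets
import time

MAX_ATTEMPTS = 10        # from the post: 10 consecutive attempts, then lockout
WARN_AT = 7              # assumption: warnings start at the 7th failure
RESET_AFTER = 24 * 3600  # from the post: attempts reset at 24 hours


class LoginGuard:
    """Lockout counter keyed on the account, so rotating IPs or UA strings does not help."""

    def __init__(self, send_email, clock=time.time):
        self.send_email = send_email  # hypothetical mailer hook: callable(account, token)
        self.clock = clock
        self.accounts = {}            # account -> {count, first, ips, token_hash}
        self.blocked_ips = {}         # ip -> time it was blocked

    def _entry(self, account):
        now = self.clock()
        e = self.accounts.get(account)
        # Stale counters expire after 24 hours; a locked account stays locked.
        if e is None or (e["token_hash"] is None and now - e["first"] >= RESET_AFTER):
            e = {"count": 0, "first": now, "ips": set(), "token_hash": None}
            self.accounts[account] = e
        return e

    def attempt(self, account, ip, password_ok):
        """password_ok is the caller's hash-check result. Returns (status, message)."""
        # Assumption: address blocks age out after 24 hours, like the counters.
        if self.clock() - self.blocked_ips.get(ip, float("-inf")) < RESET_AFTER:
            return "blocked", "address blocked"
        e = self._entry(account)
        if e["token_hash"] is not None:
            return "locked", "account locked, check your email"
        if password_ok:
            del self.accounts[account]  # success ends the run of consecutive failures
            return "ok", ""
        e["count"] += 1
        e["ips"].add(ip)
        if e["count"] >= MAX_ATTEMPTS:
            token = secrets.token_urlsafe(32)
            # Store only a hash of the token so a database leak cannot reactivate accounts.
            e["token_hash"] = hashlib.sha256(token.encode()).hexdigest()
            self.blocked_ips.update(dict.fromkeys(e["ips"], self.clock()))
            self.send_email(account, token)
            return "locked", "account locked, check your email"
        if e["count"] >= WARN_AT:
            return "warn", f"{MAX_ATTEMPTS - e['count']} attempts left before lockout"
        return "fail", "invalid login"

    def reactivate(self, account, token, ip):
        """Redeem the emailed token; also unblocks the address the owner redeems it from."""
        e = self.accounts.get(account)
        stored = e["token_hash"] if e else None
        supplied = hashlib.sha256(token.encode()).hexdigest()
        if stored is None or not hmac.compare_digest(supplied, stored):
            return False
        self.blocked_ips.pop(ip, None)
        del self.accounts[account]
        return True
```

Because the counter is keyed on the account rather than the source, ten bad guesses from anyone lock a known username out, so the emailed reactivation link is the only way back in for the owner.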
post #17 of 59 (permalink) Old 06-23-2016, 03:23 PM
Busy Plowing...
 
BikerPepe`'s Avatar
 
Join Date: Feb 2003
Location: N.E. WA
Posts: 31,787
Bronco Info: '95 XLT, 5.8/E4OD/MassAir/6" lift/4.56's/35x12.5 BFG AT-KO2 or 33x12.5 GYW Duratrac
Garage
ok schwim. first off... you are definitely more up to date with technology than I am. I got out of the tech field many years back.
that said... I've worked for internet access supply companies, I've worked tech support for Microsoft and I managed an office for another database management company out of 'Frisco for a few years. I'm not totally ignorant when it comes to online security.

I have no direct information from AutoGuide about this recent problem or the security upgrades they had to make after getting their database hacked.
But what I do know is that it wouldn't be out of standard procedures for updates on the back end to include updates to the front. Again... I have to assume that the upgraded passwords being forced on us are just a part of the overall upgrades done to the back end to protect the servers and the databases stored on them.
I would expect that as an IT Professional, you might see this and agree.

I'm not saying the passwords are an integral part of this and I'm not saying that it's necessary... but what I am saying is that when you upgrade deeper functions related to server security, the entire system gets upgraded and any and all potential security weak points get upgraded along with the rest. It's not that uncommon in my experience.
I also noted that my own financial institution just forced a similar upgraded security scheme within the past 6 months, so I would also have to assume that this is standard for recent updated security models.


oh well. I'm not going to argue to defend a company that won't defend itself.
I am one of you guys, I just volunteer to help out here as much as I can. I'm done.
schwim likes this.

"When life throws you a curve... LEAN INTO IT!"

SuperMotors - Since 2002
BikerPepe` is online now  
post #18 of 59 (permalink) Old 06-23-2016, 03:33 PM
Resident Nice Guy
 
schwim's Avatar
 
Join Date: Oct 2015
Location: Western NC, US
Posts: 952
Bronco Info: 1979 Ranger XLT, 351m, 4 speed
Garage
Quote:
Originally Posted by BikerPepe` View Post
stuff.
BikerPepe` likes this.

This is my signature. There are many like it, but this one is mine.
My signature is my best friend. It is my life. I must master it as I must master my life.

Schwim! A social site with an identity crisis.
schwim is online now  
post #19 of 59 (permalink) Old 06-23-2016, 03:43 PM
U jelly of my
 
offroadkarter's Avatar
 
Join Date: Sep 2009
Location: North NJ
Posts: 3,203
Bronco Info: 1996 Eddie Bauer 351W
Garage
Hey, I want to jump on the angry IT bandwagon!

Can we pool our money and buy FSB back from autoguide? Corporate forums blow hard... This whole ordeal is just one example why, this password list theft affects me on more than one forum...

1996 Ford Bronco Eddie Bauer (Sleeping)
>>>super slow build thread<<<

2003 & 2004 Mercury Marauder 1985 BMW 745i 2016 Ford Mustang GT Performance Pack
offroadkarter is offline  
post #20 of 59 (permalink) Old 06-23-2016, 05:13 PM
Fullsize Member
 
TJSmoot's Avatar
 
Join Date: Aug 2009
Location: Winston-Salem, NC
Posts: 151
Bronco Info: '95 EB 5.8L 4.56's TrueTracs Fr&Rr 6" BDS lift 35x12.50's Warn Hubs Flowmaster K&N drop in filter
Garage
Pulp Fiction.
schwim likes this.

'95 EB 5.8L, 35x12.50 BFG's, Yukon/Motive 4.56's, Detroit TrueTrac's Fr & Rr, 6" BDS suspension lift, extended radius arms, steering stabilizer, extended bump stops, extended steel braided brake lines, Warn manual hubs, TRE flip, Redhead steering box, Flowmaster muffler, K&N drop in filter

http://www.supermotors.net/registry/27578
TJSmoot is offline  