Ford Bronco Forum - Reply to Topic
Thread: Attention - Password and Security Update Reply to Thread
Title:
Message:
Trackback:
Send Trackbacks to (Separate multiple URLs with spaces) :
Post Icons
You may choose an icon for your message from the following list:
 
   

Register Now



In order to be able to post messages on the Ford Bronco Forum forums, you must first register.
Please enter your desired user name, your email address and other required details in the form below.

User Name:
Password
Please enter a password for your user account. Note that passwords are case-sensitive.

Password:


Confirm Password:
Email Address
Please enter a valid email address for yourself. DO NOT USE Gmail.com accounts. If you only have a Gmail.com email please contact the administrator here

Email Address:
OR

Log-in










  Additional Options
Miscellaneous Options

  Topic Review (Newest First)
04-13-2017 02:54 PM
fullsize The gap in security your browser is pointing out is common on most sites, but Google,firefox,IE has decided to start highlighting it now. It's telling you that the site is vulnerable to a MIM attack (or Man in the Middle), where someone intercepts what you are typing on the site. Since everything you type here is view-able to all, this has never been a thing it made sense to protect against. As long as you aren't typing your password into a thread in plain text, or your bank info, this doesn't affect you.

All that said, we are going to be upgrade all our network over the coming months to HTTPS to make our pages secure.

Niall
04-13-2017 08:40 AM
Bogie I don't see anything current on this password issue. I use firefox browser. The browser recently updated, and as a result, the password box on this site has a warning from firefox that states the password login on this site is unprotected. Can you provide any info on this? Thanks,
07-08-2016 02:53 PM
BikerPepe` ok... just trying to eliminate any potential problems. In the end... this will be an issue for AutoGuide to deal with, if it's on the board.
The obvious things they'll try to suggest... clearing cookies and cache. Might want to get those out of the way first.
Also... if you're attempting to use a password auto-filled by your browser, getting rejected and then typing it in and getting through... then it's pretty obvious your browser has the wrong password saved and it needs to be cleared and re-entered/saved. I don't imagine that's the case... but I'm just putting it out there to save time and effort.

The thing is... if you're the ONLY one having this issue, narrowing it down will be a real drag.
Since we haven't seen anyone else complain about a similar issue... it's more than likely something happening on your end.
Either way, I hope they can help you out with it in a timely manner.

@fullsize @AG Jeff
07-08-2016 02:45 PM
sackman9975
Quote:
Originally Posted by BikerPepe` View Post
did you update your password to your own, after the prompted change... or have you kept using the same password they sent to you.
if you haven't changed the password they gave you to something personal... that MIGHT be a part of the issue.
I made the change to a password that fits for me to remember.
07-08-2016 01:09 PM
BikerPepe` did you update your password to your own, after the prompted change... or have you kept using the same password they sent to you.
if you haven't changed the password they gave you to something personal... that MIGHT be a part of the issue.
07-08-2016 10:10 AM
schwim Paste both to start. If anything failes, paste both again(Don't use what's saved in the text boxes). If it fails again, type the username and paste the password. If you get another failure, reverse and paste the username and type the password. Then we'll have a very good idea of the element that's causing the failure.
07-08-2016 10:04 AM
sackman9975
Quote:
Originally Posted by schwim View Post
If the login fails, be sure to try pasting just the username and then just the password. I'm suggesting this because we can't be sure that it's not the username portion that's causing the failure(I can explain further but it's boring and confusing).

The reason why I'm suggesting you do it again is because if you're using the same content to log in and you get different results in the same session, they've got a direction to work in.
So you're saying to paste the username and type password, and visa versa to see which way it acts up?
07-08-2016 10:02 AM
schwim
Quote:
Originally Posted by sackman9975 View Post
When they reset my password, I copied and pasted it from the email and got the same thing. So this is a continuing issue since the password reset.

Just saved my username and password onto a word document. Will try this later.
If the login fails, be sure to try pasting just the username and then just the password. I'm suggesting this because we can't be sure that it's not the username portion that's causing the failure(I can explain further but it's boring and confusing).

The reason why I'm suggesting you do it again is because if you're using the same content to log in and you get different results in the same session, they've got a direction to work in.
07-08-2016 09:53 AM
sackman9975
Quote:
Originally Posted by schwim View Post
To ensure the admins that there's an issue on their end, I'd type your username and password into a text document. That way you see your password in clear text. When logging in, copy and paste from the text document into the site's login. If it fails once but accepts the same pasted password during another attempt, you have proof that it's not a case of PEBCAK and can get some targeted assistance from the devs.
When they reset my password, I copied and pasted it from the email and got the same thing. So this is a continuing issue since the password reset.

Just saved my username and password onto a word document. Will try this later.
07-08-2016 09:49 AM
schwim To ensure the admins that there's an issue on their end, I'd type your username and password into a text document. That way you see your password in clear text. When logging in, copy and paste from the text document into the site's login. If it fails once but accepts the same pasted password during another attempt, you have proof that it's not a case of PEBCAK and can get some targeted assistance from the devs.
07-08-2016 09:44 AM
sackman9975
Quote:
Originally Posted by BikerPepe` View Post
that sounds like you've got a problem somewhere between the keyboard and the chair to me.
Yeah......that's not it.

Again this morning:
07-07-2016 05:40 PM
BikerPepe` that sounds like you've got a problem somewhere between the keyboard and the chair to me.
07-07-2016 11:51 AM
sackman9975 I've been having to try like 3 times to log in everytime since this password change. I KNOW I'm typing it correctly, and it's correct, yet it tells me user name/password is incorrect.

What's the deal here? Windows 7 / Google Chrome
@fullsize
07-03-2016 11:21 PM
445 FE Bronco I (donated) joined right away upon buying my Bronco, I try to support the efforts of the people who provide the privilege of using this site. Without the info here I would be over at the Ford truck forums getting dogged on like an unwanted red headed step child and trying to figure everything out myself.
07-03-2016 08:14 PM
BikerPepe` Hmmm... let's see here, no required registration with unrestricted internet browsing to 90% of the site (all tech, all discussion, all general BS).
Not good enough... have questions? Basic memberships for free with no hassle sign-ups and no intrusive abuse of your email or other registration information.
Complimentary Newsletter you can accept and enjoy or easily opt out of.

"We" are complaining about a free service that generally helps the majority of us save thousands of dollars over the course of a few years.
It also helps to keep the rigs we love going strong, both on and off the road. The company that hosts this awesome forum only wants to pimp a few ads in return.
The same hosting company allows the members to keep their own volunteer staff, made of up the forums own members.
The same hosting company allows the members of the forum to use the forum name and other intellectual property posted here, to brand items of paraphernalia or "schwag", for promotional sales, as long as no body is making a considerable profit off the forum and properties that they own.
The same hosting company allows the members to have 2 upgraded membership options, both of which greatly restrict the ads visible, off which they make their real bread and butter.
The same hosting company allows the members to have a 3rd membership upgrade option. Member Vendor... that eventually (after 75 posts) allows them direct access to the membership to sell custom made products and/or used vehicles and vehicle parts for a considerably low, yearly fee. They even allow some companies selling specialty items to work under this reduced vendor fee even though they really aren't active members of the forum but do offer custom or hard to find items specific to the vehicle of the sites main focus.

Say what you want, bitch as you will... but in my opinion it's a pretty damn good deal.
Yea... they/we have some issues here and there. Name something else you can get for free that doesn't have some problems and has 1/2 as many benefits.


I'm not trying to stick up for AutoGuide / Vertical Scope. I guarantee they've pissed me off easily as much as any of our regular members.
They didn't make this place, they can't recreate what we have built here over the last decade +. Without the membership... this place wouldn't be worth the click it takes to find it. BUT... all things considered and pulling back and looking at the big picture, seriously... is any of this really that big a deal?

Hell... I can't even find a decent, honest mechanic to fix my rig when I have the money to get ripped off.
There's a reason I've been a member here since the second day Joe / DSOTMOON made this place for us to share and enjoy together, around 13 years ago.
There's a reason I've stuck around after Joe sold the place to AutoGuide / Vertical Scope and moved on. I hope to god there's still a reason... in another 10 years that I'll still be here, hangin' around, laughing, reading, sharing and generally enjoying the comradery of my fellow Bronco lovers.

I'm just saying... bitch all you like but underneath all that, I hope we all can keep it in perspective and have a little appreciation for what we do get... mostly, FOR FREE.
Thank you all and Have a Nice Day!
07-03-2016 04:53 PM
chrisd91
Attention - Password and Security Update

Quote:
Originally Posted by schwim View Post
The system that locked you out was poorly written. It would have been a breeze to prevent that from occurring simply by not counting autologins from apps that store the password and were identified as previously successful at logging in(each installed app carries a unique ID).

Fixing simple or out of date problems doesn't seem to be autoguide's strong suit
07-02-2016 08:34 AM
schwim
Quote:
Originally Posted by chrisd91 View Post
Main disagreement I have with this is that when I tried logging in through the app to my other autoguide forum (one that was linked to an old, dead email account) before I was aware of the password reset was that after only two of my attempts I was locked out and told I had used all 5 attempts. My best guess if the app was trying to automatically log in with my old password between my log in attempts and those were counting against me. I could see someone getting to 10 attempts real quickly if they were having an error like that and were attempting to remember their password. I used 5 "attempts" that way twice before I got frustrated and texted my friend who is an admin there
The system that locked you out was poorly written. It would have been a breeze to prevent that from occurring simply by not counting autologins from apps that store the password and were identified as previously successful at logging in(each installed app carries a unique ID).
07-01-2016 10:46 PM
chrisd91
Quote:
Originally Posted by schwim View Post
Hi there Pepe,

I just wanted to explain the flaw in thinking that you need a password that's unbreakable by machines.

The days of a script looping through 10,000 dictionary words to try to log into your account are long gone. Even when it doesn't work, it's a huge drain on server resources. Here's one example of how this should be protected against:

Allow up to 10 consecutive attempts to log in. Provide visual warnings to the visitor that they are nearing lockout. Once locked out, the IP addresses used in the attempts are blacklisted to save on wasted server responses and the forum sends an email to the address on record letting them know of the lockout with a link to reactivate their account. Only the holder of the account should have access to the email address, so this would be considered sufficient in regards to security to regain access to the account and would not involve a mod or admin to help.

This method also doesn't have to worry about spoofing IP addresses and UA strings. The forum wouldn't care about the location of the login attempt. 10 tries and you're done. You can reset the attempts field at 24 hours to keep the database table clean.

With 10 attempts, you could have a 4 character unrestricted password and would likely never see a compromised account.

More important than a complex pattern is to not use the most common passwords as that is what scripts are designed to use to try to log in.

Main disagreement I have with this is that when I tried logging in through the app to my other autoguide forum (one that was linked to an old, dead email account) before I was aware of the password reset was that after only two of my attempts I was locked out and told I had used all 5 attempts. My best guess if the app was trying to automatically log in with my old password between my log in attempts and those were counting against me. I could see someone getting to 10 attempts real quickly if they were having an error like that and were attempting to remember their password. I used 5 "attempts" that way twice before I got frustrated and texted my friend who is an admin there
06-28-2016 12:14 AM
BikerPepe` yea... no. you made an entirely new profile. the directions repeatedly say that you must contact an administrator.
so now that we know... we'll see about fixing that for ya. Check your PM's.

BTW, you're damn lucky I even found this post. Moving/Merging these posts into the proper thread... in 3, 2, 1.
06-27-2016 11:58 PM
tbrooks After I changed my login and password, my avatar and all of my descriptive information went away. I thought I read somewhere that all of that old information would follow to my new login.

My old login - tbrooks

My new login - tbrooks5

Maybe I misunderstood what "I thought I read".

Thanks for any help.

TB
This thread has more than 20 replies. Click here to review the whole thread.

Posting Rules  
You may post new threads
You may post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

 
For the best viewing experience please update your browser to Google Chrome