
Attention - Password and Security Update

9K views 75 replies 28 participants last post by  Psyc0 
#1 ·
Hello all,

Over the next few days we will be implementing some changes to our forum password strength and password expiration policies. To make sure you continue having the best experience possible on the community, we regularly monitor the site and the Internet to keep everyone's account information safe. We've recently become aware of a potential risk to some accounts coming from outside of this community. Just to be safe, we are implementing the following changes to improve security even further:

1) We are asking everyone to change their passwords (and will force a one time reset). Along with every user on the forum, new passwords will need to be more complex, and can't be simple words (sorry, you can't have "fluffy" as your password anymore!). Please use a password unique to this community. Reusing passwords can expose your account indirectly when other websites (Twitter, Linkedin, Badoo, etc) are compromised; and

2) Your passwords will expire on a 365 day basis. When you login on the 366th day, you will have to change it.

We'll also be sending out an email to users to let them know about the changes, in upcoming weeks.

Thanks all,

Helena

Community Management
 
#5 ·
I really could not care less if someone hacks the database and has my account password. I have no financial or other personal information tied to the account. It is a recreational forum.
 
#7 ·
Google yourself. Your name, age, address, e-mail are all public record that anybody can access. There's no such thing as privacy on the internet.
 
#8 ·
Can ya add the option to opt out of the pw change?

I really don't want to change it.
 
#9 · (Edited)
The root of the problem is that many people use the same password for multiple things. So by hacking in here, the hackers could get access to other parts of your life. Complex passwords and passwords that are different for each site are a smart way to be on the internet in this day and age.

Here is some advice I give out all of the time.....
Subject: Passwords are a pain.....

Complex/long passwords are required in order to increase the difficulty for hackers to gain access to your information. Complex passwords are comprised of upper/lowercase letters, numbers and punctuation. I'll be up front with you, complex passwords make my head hurt ;) Be aware that longer passwords are better, even if not complex.

A best practice is to not use the same password on different sites, especially financial institutions. If someone were able to hack into your Facebook account do you want them getting to your checking account?

What if you could develop a pattern to your passwords that only you would know? What if this pattern meant you would never need to memorize a password? Below is an example of a pattern that can create a complex password, unique for every website, and make it so you don't have to memorize passwords.

Note: this is an example only, alter it for your own use as you see fit. I either use sports phrases or funny phrases. So let’s work through a few examples with the phrase “I hate fat cats”

So in my mind the phrase is easy to remember, but I change it up: I use h8 for hate, capitalize the I and F, and add the # sign for complexity. The phrase becomes Ih8Fatcats# <- 11 characters already!!!

I use part of the website name in the password for that site. So, for my pattern I may choose to use the first 4 letters of the site. FACEbook becomes FACE

Now to work that into the password patterns

If I wanted to create a password on SUNTrust.com
Ih8FatSUNTcats# Would be my password, a 15-character password!!!

Ih8FatFACEcats# Would be my password for FACEbook
Ih8FatPAYPcats# Would be my password for PAYPal, etc.

A human hacker may be able to figure out your particular pattern, but most hackers program computers to do the hacking. The computers will not “see” the pattern unless somehow they get more than one of your passwords. Once a hacker has one of your passwords, they have computers set up to try that password on a large number of sites. So for example, if they have your Facebook password, the first thing they do is have a computer check if the password works on Wells Fargo, Gmail, Hotmail, SunTrust, PayPal, Bank of America, Amazon, etc. (probably hundreds if not thousands of sites).

Just as a final note, you may want more than one pattern, for example high (i.e. money/email), medium (i.e. medical) and low security (social media).
Basically by remembering your pattern(s) you can figure out any password for any of your websites, but they are all unique.
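
Added example (not part of the post above and not forum code): a Python self-audit sketch illustrating the caveat in that post, that the pattern becomes visible as soon as two passwords built from it are side by side. The function names and the 0.5 threshold are assumptions made for illustration; the sample vault is constructed from passwords quoted in this thread.

```python
from itertools import combinations


def shared_template(a, b):
    """Return the (prefix, suffix) that two passwords have in common."""
    limit = min(len(a), len(b))
    p = 0
    while p < limit and a[p] == b[p]:
        p += 1
    s = 0
    # Do not let the suffix overlap the prefix that was already matched.
    while s < limit - p and a[-1 - s] == b[-1 - s]:
        s += 1
    return a[:p], a[len(a) - s:]


def unique_fraction(a, b):
    """Fraction of the longer password NOT covered by the shared template."""
    prefix, suffix = shared_template(a, b)
    return 1 - (len(prefix) + len(suffix)) / max(len(a), len(b))


def audit(vault, threshold=0.5):
    """Flag site pairs whose passwords differ in less than `threshold`
    of their length (threshold is an assumed value, tune to taste)."""
    findings = []
    for (s1, p1), (s2, p2) in combinations(sorted(vault.items()), 2):
        frac = unique_fraction(p1, p2)
        if frac < threshold:
            findings.append((s1, s2, round(frac, 2)))
    return findings


# Constructed sample: three pattern passwords from the post above and the
# manager-generated style password quoted later in the thread.
SAMPLE_VAULT = {
    "suntrust": "Ih8FatSUNTcats#",
    "facebook": "Ih8FatFACEcats#",
    "paypal": "Ih8FatPAYPcats#",
    "forum": "X8+uh5tr_r2chek!",
}

if __name__ == "__main__":
    for site_a, site_b, frac in audit(SAMPLE_VAULT):
        print(f"{site_a} / {site_b}: only {frac:.0%} of the password is unique")
```

Every pair of pattern passwords is flagged because only the four site letters differ, while the randomly generated password shares nothing with the others.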
 
#11 ·
I use a very simple password for things I do not care about and a complex password for things that I do. This is one of those cases where a simple dictionary word is sufficient for my needs. I'm not harboring any state secrets on my home-brew e-mail server here.
 
#12 ·
Two-factor is the way to go and I'd love to see all sites implement it.

Remember, it's the accounts you don't care about that hackers use to gain access to the accounts you do care about. Relax people, this is a good thing. They're only asking for a password change once every year. Even Beezer hasn't baked enough brain cells to make it impossible to remember a new password every year.

If it's that big of a deal, set yourself up with a password manager. I use LastPass and all of my passwords look like this:

X8+uh5tr_r2chek!

I have no idea what any of them are to be honest, but I never type them in so it doesn't matter. I only have one really complex password that I remember, which is the one I use to access LastPass itself. ;)
 
#16 ·
Hey all,

The article fails to mention that the breach was for a third party plugin. This breach is on countless sites across the internet and not just limited to ours.

Their system was compromised and they grabbed user data for us and thousands of others. We cleared our part of the breach and went this route to further security. This is also in place as many members on the internet use the same or similar passwords across all things they use.

We cannot go into detail at the moment as it is being dealt with on a legal level.

Thanks,
Dayle
 
#17 ·
You could have at least let people know.
 
#18 ·
The way I look at it is if somebody hacks my VR password and posts idiotic stuff like I do, nobody will know the difference. Eventually they will get bored with all this horse crap and move on.

It's a social media site. What in the hell would anybody gain from hacking this site? Just sayin.

Hopefully they will learn about loud pipes, ATGATT, and what damn oil is best to use.

Carry on.
 
#20 ·
Ghost In The Machine gives some good information below, but the main reason is that if a user uses the same password across multiple sites (LinkedIn, Email, Banking) then they become unsecured as well.

Why all the different kinds? Well, if you ever tried cracking a password, the more complex, the more combinations the PC has to try. Read somewhere once that even adding one uppercase letter and one number to a password almost triples the amount of time the average hacker's password cracker takes to crack it.
Thanks for the post Ghost, I just wanted to touch on this point here so that others will read it. Having a complex password is a good starting point to safer web surfing.

Thanks,
-JB
 
#19 ·
Figured I'd toss this in here since I am an active member over at HackThisSite.org. I've seen a lot of mention about what someone can gain from a social media site. Well, true, not much, but in the right hands and with a load of patience there is quite a bit to gain. Someone mentioned using Google to find people; yes, this works...hell, I've done it to multiple dickweasels on the internet, and have used IP pings to locate those retards who keep emailing me about my foreclosing mortgage, which is under my fully legal name of Demosthenes Locke. The issue is thus: who here has ever heard of LightBeam? No? I'll explain. You see, when you do anything that involves the ol' www today, information is almost immediately shared. LightBeam for Firefox allows you to see where each site sends your browsing data. How to get around this? It is quite hard. You could drop down the tubes with a TOR browser, but that's a lot of hassle for the average PC user. You could set up a VPN, because masking your IP is something everyone should know how to do. Another good method is IP 'bouncing', aka mock locations; little harder to set up, but it does offer a lot of protection, sites just take longer to load.

Now to why even a social media site is dangerous, while back...and yes this was something I did to a guy on the internet being a ******. On an online game nonetheless, with nothing but his IP conveniently snagged using an element inspector on a shoddily constructed site for the game I myself got all these things on one person:
full name
address
relatives names
relative addresses
phone numbers
facebooks
jobs
jobs numbers
the exact extension to his desk
his supervisors name
supervisors number
license plates
emails (gave up at 5 different accounts)
his websites visited


And the best part? Didn't have to go anywhere near his PC, didn't break any laws. As far as I know, Google helped me more than anything.

now what did I do with all of this?, tossed it into a private message to him and watched laughing as he flipped out. But anyone else ......wow the possibilities are endless

Through some simple HTML and a picture in a forum post, I can gain a list of IP addresses, because every time someone clicks that image it will be dumped to my notepad. It's really easy and steps are on Google.

So, don't think someone accessing your social media can't get anything. Look at what I did through an online game, and I'm far from a coding genius, hell, I'm just starting out coding.

But this all seems caused by a web browser extension, yet another easily preventable situation. That's the thing: viruses, identity theft, data breaches, 99% are caused by lack of common caution and sense.

Passwords are a very real issue, and while I've never used a password manager like some have mentioned here, it does make me wonder what happens if the password managers get hacked. They just got Kaspersky a while back; it can happen.

My passwords: different for every site, always over 20 characters, numbers, symbols, upper case, lower case, and, if they allow, spaces. My password manager? Something the internet can't steal: my little black book hidden in my file cabinet.


Why all the different kinds? Well, if you ever tried cracking a password, the more complex, the more combinations the PC has to try. Read somewhere once that even adding one uppercase letter and one number to a password almost triples the amount of time the average hacker's password cracker takes to crack it.

It's your data, and you aren't safe anywhere.....never think you are.


Also, here's a picture of what it looks like when you go digging into a website with element inspector
(sorry, triple monitor setup so it's a big screen lol)

For the record, no, I don't endorse this crap. I'm as paranoid as it gets, but understand: to fight something, it's best to know how it works.
 


#24 ·
Damn password resets!!!!!!!

I'm on another Forum administered by these guys! I got my NEW password, used it properly each time and got LOCKED OUT after 5 wrong attempts! .................with the password they sent me! WTF!!!!

I'm not impressed.

The email they sent says to contact them if you have a problem ........................CAN'T .....................I can't log in!

F
 
#25 ·
I'm still LOCKED OUT of the hdstreetforums.com ..........................F'n new Password they sent me won't allow me back in!!!!!!!!
 
#26 ·
ADMIN ..............................Been nice knowing you all!!!!!

I've tried, and tried and tried to log into the HD Street Forum and keep getting locked out! I'm following YOUR instructions with the password YOU sent me and after 5 wrong attempts each time, I get LOCKED OUT!

Great new approach you're taking here!

If I can't get into the other site again, later tonight, when it resets and allows me to try again .................well, Been nice knowing you! YOUR SITE SUCKS

Obviously it will be the same thing here when you send the new password!

I don't have time to sit here all day F'ing around with a password reset

Ciao!

BTW, can't even message you
 
#27 ·
This site is small potatoes and so are 99% of the 200 active members.

Tell me what my Facebook user name is and I will send you $50.00 straight away...no questions asked. (Well, other than to whom and where to mail the check?)
 
#28 ·
Glenda won't even respond to you ..................................locked out again, after 5 attempts on the HD Street Forum.

Wait till they reset this Forum!

I've been trying to get back onto the HD Forum since around 3:00 this afternoon! 5 HOURS!

Freakin' unbelievable
 
#32 ·
Again:

45m passwords stolen from over 1,100 VerticalScope forums

You guys f*(ked up didn't ya? I knew you all were a bunch of hacks. I had you all figured for awhile. There is nothing you have done that was a simple transition and now my super secret password needs to be changed.
Actually, that is not the facts; they have account info for those sites, not all passwords. They only have ones that matched other sites, like Twitter and FB passwords, or ones that were easy.

The hack came from a third party plug in, so it happened to a lot of VB sites.

Helena
 
#35 ·
Let me ask you all this question.

If the VR got hit by a ransom-ware virus, like many companies, hospitals, police departments, etc. have, how much money would you be willing to pay to get this site/data back operational? I am asking based on what each member of the VR would be willing to chip in to get the VR back up and running.

I have been on the receiving end of this because I work in an IT department ...can't get into any details because the FBI is involved, but I can tell you this. All hell broke loose and I would rather have a root canal with a rusty machete than go through that again. It's what happens when a company won't spend the $ recommended by the IT staff, industry experts...etc.
 