Veloster Turbo Forum


·
Administrator
Joined
·
174 Posts
Discussion Starter #1
Hey all,

Over the next few days we will be implementing some changes to our forum password strength and password expiration policies. To make sure you continue having the best experience possible on the community, we regularly monitor the site and the Internet to keep everyone's account information safe. We've recently become aware of a potential risk to some accounts coming from outside of this community. Just to be safe, we are implementing the following changes to improve security even further:

1) We are asking everyone to change their passwords (and will force a one-time reset). Along with every user on the forum, new passwords will need to be more complex, and can't be simple words (sorry, you can't have "fluffy" as your password anymore!). Please use a password unique to this community. Reusing passwords can expose your account indirectly when other websites (Twitter, LinkedIn, Badoo, etc.) are compromised; and

2) Your passwords will expire on a 365-day basis. When you log in on the 366th day, you will have to change it.

We'll also be sending out an email to users to let them know about the changes in the upcoming weeks.

Thanks all,
Helena
Community Management
 

·
Registered
Joined
·
222 Posts
He's right. I work in the Cyber Security field and am a CEH also. Plain text passwords can easily be intercepted in a variety of ways. We don't all have paid VPNs, so SSH/SSL/TLS/HTTPS is a great place to start. Finding a trusted certificate isn't hard to do, neither is interception of plain text passwords through packet sniffing. It's easy to wreak havoc if you allow it to be easy. Make sure you employ a skilled Cyber guy with CEH or CISSP or both. Also test your site for XSS and disable SQL input on any web applications and login pages to avoid SQL injection, which can deliver all user names and passwords to the attacker. I can write a virus with three simple lines of code that will render a machine useless, and inject it or do a vulnerability scan to find out what attacks your site is vulnerable to, and then start my attack. And if it's done through VPN, Tor, or a proxy/proxy chain, it can be nearly impossible to trace back to the attacker.

 

·
Registered
Joined
·
2,718 Posts
I have a very complex password unique to this site. Expiring it promotes less complex passwords. If data is in fact "stolen", then that means the infrastructure itself is insecure and that needs to change first. If it is brute force attacked, where not all users are affected, then I know that my account is safe.
 

·
Registered
Joined
·
2,245 Posts
Honestly... I don't care that much since this is a forum, but just salt your passwords. Don't enforce some arbitrary rules that require a shit ton of symbols, like my work, or non-common words. Shit pisses me off that a sentence isn't allowed but a bunch of shit I can't remember is, when length is more important (that's what she said).
 