Home Theater Forum and Systems banner

1 - 20 of 53 Posts

·
Administrator
Joined
·
496 Posts
Discussion Starter #1
Hello all,

Over the next few days we will be implementing some changes to our forum password strength and password expiration policies. To make sure you continue having the best experience possible on the community, we regularly monitor the site and the Internet to keep everyone's account information safe. We've recently become aware of a potential risk to some accounts coming from outside of this community. Just to be safe, we are implementing the following changes to improve security even further:

1) We are asking everyone to change their passwords (and will force a one time reset). Along with every user on the forum, new passwords will need to be more complex, and can't be simple words (sorry, you can't have "fluffy" as your password anymore!). Please use a password unique to this community. Reusing passwords can expose your account indirectly when other websites (Twitter, Linkedin, Badoo, etc) are compromised; and

2) Your passwords will expire on a 365 day basis. When you login on the 366th day, you will have to change it.

We'll also be sending out an email to users to let them know about the changes, in upcoming weeks.

Thanks all,

Helena

Community Management
 

·
Premium Member
Joined
·
2,539 Posts
Participating in a home theater forum should not require password resets or expirations.
While I have enjoyed my time here when my password expires that's it for me.
I want all the great members here to know how much I have enjoyed participating in this forum with you.
Many thanks to each and every one of you.
 

·
Plain ole user
Joined
·
11,121 Posts
I just got the email notifying me of my password reset at AVS. I feel the same way as Charlie. I am done with both forums if I have to deal with password resets. It is nonsense to require this of users. Staff, who may have access to administrative areas is another matter, but for public users it is silly.

I am also very disappointed that we were not notified that the forums may have been compromised and not given any real information about potential threats.

I am sorry to say that after 10 years here, and longer at AVS, I will not be back at either if a password reset is required.

Adios.
 

·
Premium Member
Joined
·
4,363 Posts

·
Registered
Joined
·
384 Posts
What does that mean to me as a member? What can they do with the information and what exactly did they obtain?
It means that they can login using your userid and password, making posts in your name.

Many people use the same password on many different sites, including financial sites. Password theft exposes those people to very serious problems -- like theft of all their savings, redirection of direct deposits, etc.

For a detailed discussion of what happened to VerticalScope, see the article that I linked to above.
 

·
Registered
Joined
·
462 Posts
Thanks Selden,

I would just leave it up to the users to reset there own Password. It really is only a problem if you use the same password for other things. I love this forum and will be staying.
I know the internet is a very unsafe place and I do not expect Usernames and Passwords to be 100% safe with any company.

I think people are upset with other things going on with this forum and little things like this may end up being the straw that broken the camel's back.
 

·
Premium Member
Joined
·
4,363 Posts
I don't use the same info either but it's still not a good look. Did the same thing happen at AVS?
 

·
Registered
Joined
·
462 Posts
I don't use the same info either but it's still not a good look. Did the same thing happen at AVS?
Please read the article it happened to 1,100 websites and forums. So yes.
I'm guessing for 90% of the people here are apart of other forums so this is not a HTS thing.
 

·
Registered
Joined
·
462 Posts
45 million accounts were compromised, that is a lot of accounts so most of the information will not be used.
If I was the hacker I would run a quick program and see if the same IP pulls back the same password for different forums. I would then flag that IP as a target to see if that password will work on Banking sites. I would not waste time on one persons IP/Password.
 

·
Premium Member
Joined
·
4,363 Posts
45 million accounts were compromised, that is a lot of accounts so most of the information will not be used. If I was the hacker I would run a quick program and see if the same IP pulls back the same password for different forums. I would then flag that IP as a target to see if that password will work on Banking sites. I would not waste time on one persons IP/Password.
I'm sure the hackers know how to hack but maybe not best to throw that out there.
 

·
Premium Member
Joined
·
5,798 Posts

·
Administrator
Joined
·
232 Posts
The article fails to mention that the breach was for a third party plugin. This breach is on countless sites across the internet and not just limited to ours.

Their system was compromised and they grabbed user data for us and thousands of others. We cleared our part of the breach and went this route to further security. This is also in place as many members on the internet use the same or similar passwords across all things they use.

These tech blogs don't ever get the full story, they just have hearsay and run with and embellish it.

We cannot go into detail at the moment as it is being dealt with on a legal level.
 

·
Administrator
Joined
·
232 Posts
... It doesn't mean though that we should have mandatory password resets every year.
The security of members accounts is very important to us and although a members personal information or private information such as credit card info is not stored on the site, many people use the same password for multiple sites. This could create a potential hole for a hacker to get your info which is what we would like to avoid. The forced password change for now is to insure there are no holes on the forum and the one that should happen a year from now can be revisited then and we can look into if it is still needed on the site.
 

·
HTS Moderator , Reviewer
Joined
·
3,313 Posts
I think people are upset with other things going on with this forum and little things like this may end up being the straw that broken the camel's back.
Judging by some of the previous posts it's already taking its toll, which is a real shame given that some of the people leaving for good over this are very active and well respected members.
 
1 - 20 of 53 Posts
Top