BowFishing Country banner

1 - 11 of 11 Posts

·
Administrator
Joined
·
277 Posts
Discussion Starter #1
Hello all,

Over the next few days we will be implementing some changes to our forum password strength and password expiration policies. To make sure you continue having the best experience possible on the community, we regularly monitor the site and the Internet to keep everyone's account information safe. We've recently become aware of a potential risk to some accounts coming from outside of this community. Just to be safe, we are implementing the following changes to improve security even further:

1) We are asking everyone to change their passwords (and will force a one time reset). Along with every user on the forum, new passwords will need to be more complex, and can't be simple words (sorry, you can't have "fluffy" as your password anymore!). Please use a password unique to this community. Reusing passwords can expose your account indirectly when other websites (Twitter, Linkedin, Badoo, etc) are compromised; and

2) Your passwords will expire on a 365 day basis. When you login on the 366th day, you will have to change it.

We'll also be sending out an email to users to let them know about the changes, in upcoming weeks.

Thanks all,

Helena

Community Management
 

·
Registered
Joined
·
2,102 Posts
It's a public Internet forum, why the hell do the passwords have to be more complicated then my online banking password?
 

·
Registered
Joined
·
4 Posts
I would suggest the " CONTACT ADMINISTRATOR" function needs to be fixed as well as i have sent no less than a half a dozen messages with not so much as one response.

Finally i said piss on it and created a new account.

So, if the ADMIN regularly frequent the site as stated, how about one of them contact me so i can get access to my old profile.

Much appreciated. :headbang:
 

·
Administrator
Joined
·
277 Posts
Discussion Starter #8
It's a public Internet forum, why the hell do the passwords have to be more complicated then my online banking password?
:cen: You better hope your bank kick it up, hackers are a really problem to internet.
hey there!

Just wanted to give some insight into why the passwords need to be more complicated. I was instructed to give a good explanation as to why they are more complicated then a 4 digit PIN, here we go!

So, the privacy of communications between you (your browser, not you physically :D ) and bank servers is ensured via an encryption. Encryption scrambles messages exchanged between your browser and the online banking server. a lot of IT companies handling this sensitive information do this.

The secure session is established using a protocol called (TLS) Encryption or something similar. This protocol requires the exchange of what are called public and private keys.
Both sides require the keys because they need to de-scramble (de-crypt) messages received. The TLS protocol and others like it, assures privacy, but also ensures no other website can "impersonate" your financial institution's website, nor alter information sent. basically, think doing a jigsaw puzzle to reveal the bigger picture, but having someone come by every 3 minutes and change the pieces on you and rescramble all that hard work. ;)

The numbers used as encryption keys are similar to combination locks. The strength of encryption is based on the number of possible combinations a lock can have. The more possible combinations, the less likely someone could guess the combination to decrypt the message. this does not mean it cannot be done mind you, but makes it very very hard. like an overly complex rubix cube!

All your pins and information are stored on these 128 bit + encrypted servers for your banks, credit unions, etc. or something more heavy duty, like a 256 bit encryption and it can go higher in some circumstances!

But!

Your old/current password (example: password1234, ilovemycatfluffy123, iheartdolphins67, fishingislife89 etc) is too simple. Even if your password is more complex, its still needs to be changed to the requirements made for everyone. Though nothing important like credit card information is stored on the forum itself, those usernames and passwords could very well be used on other sites with that potential information, and could cause issues for you if anyone ever got hold of that very simple password. This would cause a sort of ripple effect if you do use the same password for other sites. Thus, compromising your online activity. Or worse.

Even with extremely complicated 128 bit encryptions applied to your online bank or credit union, you still use personal passwords just to log into those websites. This is good information to keep in mind.

If they can get in there. they can do what they like. most mobile banking, shopping sites, etc. store information there. now those sites are "secure". but if you got the key to the vault, you do not need to break in right?

no encryption can save any account if your password can be learned or is too simple. it creates a vulnerability with your account. this applies to forums, banks, online shopping accounts, etc.
While those passwords are perfectly safe on their servers, they could still be accessed if your password becomes compromised here or somewhere else. This is why having a more complicated and harder to break password helps with that.

We apologize it’s an inconvenience, but this is the exact reason why these changes are being made, for the safety of our users, and to close any holes in security that need to be closed.

Hopefully that answers your question. :)

I would suggest the " CONTACT ADMINISTRATOR" function needs to be fixed as well as i have sent no less than a half a dozen messages with not so much as one response.

Finally i said piss on it and created a new account.

So, if the ADMIN regularly frequent the site as stated, how about one of them contact me so i can get access to my old profile.

Much appreciated. :headbang:
Hey there. I tested it, and it is working. its just a patience game at this point. we have an influx of messages coming in from all the other sites getting a password reset as well. just be patient, we are answering 100's of them and resolving them fairly quickly. it will get resolved for you as well. make sure to include:

- Account Name
- Email on the account
- Email you want it changed to if need be

get us all that, and we will fix it up within 1-2 replies, no problem.

haha, they cant get rid of me that easy...
Welcome back! for all others, refer to the information above. We apologize for those locked out, we will get your ticket as soon as we can. :)

~Shane
 

·
Administrator
Joined
·
277 Posts
Discussion Starter #11
Thanks for helping out!
Let us know if there is anything else we can assist with!

Richard.
 
1 - 11 of 11 Posts
Top