Abarthisti

Information => Site Issues and Feedback => Topic started by: Abarthisti on July 27, 2016, 08:55:37 pm

Title: Upcoming Password changes
Post by: Abarthisti on July 27, 2016, 08:55:37 pm
Hello,

Please be advised we’re asking members to change their account password due to a security breach of our sites that we have recently been made aware of. As such, you will be prompted to change your forum password when you enter the site next. This is one of several implementations we’re adding as a way we can help secure the site and prevent information from being compromised in the future. If you would like to read more or ask a question, please feel free to read the page linked below or post to this thread.

Read More here: http://www.verticalscope.com/about-us/notice-of-data-breach.html 

Thank you

The Community Support Team
Title: Re: Upcoming Password changes
Post by: cloudburst on July 28, 2016, 11:41:40 pm
Quite frankly I'm disappointed at the number of forums (including this one) who do not implement TLS.

They cite, with a depressing degree of technical ignorance, that the site isn't facilitating financial transactions or storing sensitive data, so therefore TLS isn't required.

These sites are forgetting a few things:
- User credentials are sensitive data. Users are human and many users are pretty ignorant of security; they shouldn't - but they DO - use the same usernames and passwords on forums and other sites which do, for example, facilitate financial transactions.
- Using TLS, as well as protecting credentials in transit, also certifies the validity of the forum to the user and reduces the likelihood of a man in the middle attack by various means.
- User creds for Administrative users are particularly valuable to a bad actor. Lack of TLS is a birthday present!

Reading the "what we're doing" paragraph actually annoyed me - particularly the "we're looking at new encryption techniques". My view is that the entire session from start to finish should be done over TLS and the technology to do this has been around for decades.

That said, I'm pleased to see at least that our passwords are being persisted as salted hashes.

CB
Title: Re: Upcoming Password changes
Post by: Abarthisti on July 29, 2016, 02:07:32 pm
Thank you for the suggestions,

We are doing our best to maintain security and better measures to make sure account information is safe. :)
Thanks.

~Shane