Please Reset Your TechPowerUp Forums Password

[W1zzard]

Quote:

Originally Posted by XeoNoX

i would agree in most cases and its a common problem, why TPU didnt patch known exploits to protect its users and its reputation is beyond me.

The hack did not happen due to a vBulletin security issue.

Which known exploits are you talking about?

[XeoNoX]

OH i thought it was

[theoneandonlymrk]

Quote:

Originally Posted by XeoNoX

btw b/c of this security breach i'm VERY surprised TPU didn't recommend users change their passwords to other webiste/services that use the same username/password as it will be a matter of time before the attacker(s) get to it.

Afaik they did in the OP , just glad to be back

[THE_EGG]

Quote:

Originally Posted by theoneandonlymrk

Afaik they did in the OP , just glad to be back

Agreed, and they sent the recommendation to change the password used in other sites in the email as well.

[Frag Maniac]

What do I do if the password reset feature doesn't work? My email said my password would no longer work, but when I visited the site I was still logged in and I can log out and the save password feature allows me to log back in. I also cannot manually reset my password.

[gaiden.sensei]

Took a few days to get the server to send me the password reset, didn't send until today. I had to change a lot of my passwords because of mutual accounts...

I was under the impression that the user database for vBulletin (3.6 and up) was encrypted by default? I remember examining some of my databases and sensitive details couldn't be seen.

[Frag Maniac]

As a rule I always use different passwords for forums than I do for more protected uses, such as places where I do online purchases and such. Just the same, I'd like to get some help resetting my password here, because I can't seem to get it to work.

The main problem is it's saying I'm entering the wrong current password when trying to reset it, and it won't send me my password or a temporary one.

[gaiden.sensei]

Quote:

Originally Posted by Frag Maniac

The main problem is it's saying I'm entering the wrong current password when trying to reset it, and it won't send me my password or a temporary one.

No idea what's wrong with your password, but you can 'reset' it by invoking the forgotten password form.

Make sure your email address is correct or working before attempting the following:
It'll give you a temp password, but you have to wait for the server to email you the generated key.

http://www.techpowerup.com/forums/login.php?do=lostpw

[Frag Maniac]

I had already done that. I finally got the temp password sent though, and all is good now. Thanks.

I gotta say though, it was a bit scary when right after I posted about it in the feedback forum, what appears to be a SPAM bot answered with jibberish.

[buggalugs]

Wow I had a hard time resetting the password. Couldnt get the confirmation email, was going round in circles. Anyway all is sorted now.

Wizzard, You can disregard the email I sent, its ok now.

[W1zzard]

Quote:

Originally Posted by gaiden.sensei

I was under the impression that the user database for vBulletin (3.6 and up) was encrypted by default?

That's correct. However, with distributed passwords cracking, especially on GPUs, there is a real risk that the passwords can be decrypted

[Frag Maniac]

At least we know they're encrypted to begin with. Probably more secure than Sony was before their PSN fiasco. LOL

[N9ZN-Extra]

When the computer manufactrurers get serious they will adopt a standard for login procedures which cannot be compromised by simply hacking a site and stealing information.

Some complain it will be to costly to implement such a solution but I suggest the cost will sharply drop when millions of orders are placed for the equipment required to implement a solution.

The bigger problem for users is how to get those building the computers and those writing the software to REALLY CARE about our security online. If they don't get away from this grade school approach of identity verification all we as users can expect is more of this in the future.

[W1zzard]

Quote:

Originally Posted by N9ZN-Extra

When the computer manufactrurers get serious they will adopt a standard for login procedures which cannot be compromised by simply hacking a site and stealing information.

Some complain it will be to costly to implement such a solution but I suggest the cost will sharply drop when millions of orders are placed for the equipment required to implement a solution.

The bigger problem for users is how to get those building the computers and those writing the software to REALLY CARE about our security online. If they don't get away from this grade school approach of identity verification all we as users can expect is more of this in the future.

there is no 100% secure authentication system and it can never be created.
maybe the hacker came to my house, held my hamster hostage and forced me to give him the admin password?

[N9ZN-Extra]

Quote:

Originally Posted by W1zzard

there is no 100% secure authentication system and it can never be created.
maybe the hacker came to my house, held my hamster hostage and forced me to give him the admin password?

Wizzard I agree there is no 100% foolproof system but there are many much more secure and difficult to break than these obsolete password security methods we just take for granted.

With all of the trouble people around the globe are having with security breaches, some leading to identity theft and other nefarious ends, any simple minded person can recognize the need for the industry to come togather and agree on a simple system which is much more difficult to break than a code word.

If a new system cost us a small (one time) amount to prepare our PC's that would be a reasonable cost, considering we each pay a heafty monthly rate for internet access anyway. The success of such a system would be upon the software houses and PC manufacturers to make it a standard in all new equipment. This also will be the tough part of any plan because most PC makers and software houses don't care diddly about end user security beyond the most simple of implementations.

Edit: As an example, I have not had my E-Bay or PayPal passwords compromised since I began using their electronic key fobs, for that matter my bank has also not been compromised diue to the same security. The problem with key fobs is they are too costly to implement into all online entities requireing secure access. There are other forms of identification which is not as costly and more secure like retna scanners, finger print id's and so on that can be used over a broad range of equipment and still identifies a unique user.

[w3b]

I don't think creating a new password/security system with a central heirarchy is a good idea at all; not only for the weaknesses that are inherited in all centrally focused systems (government/internal abuse, a much more attractive target for hackers that would lead to bigger problems than TPU going down, etc.) but this would also be wide open for abuse under the perpetual 'war on terror' by the US government (and/or those behind the curtain thereof).

I doubt a TPU account would ever be a matter of national security.

Fine work to the admin staff catching the problem so quickly, hopefully those responsible are found soon and dealt with severely.

[N9ZN-Extra]

Quote:

Originally Posted by w3b

I don't think creating a new password/security system with a central heirarchy is a good idea at all

Fine work to the admin staff catching the problem so quickly, hopefully those responsible are found soon and dealt with severely.

I know there will be many like yourself who for a number of reason would object to any new security ID system. It is to be expected, but do you really believe code words (passowrds) are the best method of security man can acheive to protect them?

As for catching the intruders, Tech Power Up has a small chance of finding who is responsible. My guess is these people may be hackers or they may also be a foreign government, like China, with a reputation for hacking sites. The worrysome thing is in the past few months several tech oriented sites have been compromised making myself ask what purpose might these folks have in mind? I would bet the intent goes far beyond any joy they may feel by having hacked the site.

Edit: Looking at your quote from Benjamin Franklin... I also remember it was Franklin who thought the Turkey should be named as our national bird instead of the eagle. Franklins thoughts have many times been on the fringes of rational thinking. This is not to say what Frankilin said about liberty is wrong, but making something more secure would not cost us any liberty at all. It would cost those who abuse liberty some pain but isn't that the intention with any security be it passwords or something else?

[Irony]

Quote:

Originally Posted by N9ZN-Extra

I know there will be many like yourself who for a number of reason would object to any new security ID system. It is to be expected, but do you really believe code words (passowrds) are the best method of security man can acheive to protect them?

As for catching the intruders, Tech Power Up has a small chance of finding who is responsible. My guess is these people may be hackers or they may also be a foreign government, like China, with a reputation for hacking sites. The worrysome thing is in the past few months several tech oriented sites have been compromised making myself ask what purpose might these folks have in mind? I would bet the intent goes far beyond any joy they may feel by having hacked the site.

Edit: Looking at your quote from Benjamin Franklin... I also remember it was Franklin who thought the Turkey should be named as our national bird instead of the eagle. Franklins thoughts have many times been on the fringes of rational thinking. This is not to say what Frankilin said about liberty is wrong, but making something more secure would not cost us any liberty at all. It would cost those who abuse liberty some pain but isn't that the intention with any security be it passwords or something else?

1) Passwords may not be the most secure thing in the universe, but if thats what you're after then why are you even on the internet?

2) Lol at china

3) Turkeys are awesome

[W1zzard]

Considering that 99.99% of people use "remember me", which means if their PC is hacked their passwords are gone, password security is kinda obsolete already.

Would you want to receive (and pay for) an SMS each time you access TPU? and then you have to enter that code?

[WhiteLotus]

Quote:

Originally Posted by W1zzard

there is no 100% secure authentication system and it can never be created.
maybe the hacker came to my house, held my hamster hostage and forced me to give him the admin password?

They key thing here is to know that w1zz has a hamster. Bless

[Irony]

Hamsters are awesome. It could be a trained hamster that cleans the servers in its spare time

[cadaveca]

Quote:

Originally Posted by W1zzard

Considering that 99.99% of people use "remember me", which means if their PC is hacked their passwords are gone, password security is kinda obsolete already.

Would you want to receive (and pay for) an SMS each time you access TPU? and then you have to enter that code?

I don't even have my own cell phone.




Just for discussion, I wouldn't mind seeing something like SteamGuard used more often.

[W1zzard]

Quote:

Originally Posted by WhiteLotus

They key thing here is to know that w1zz has a hamster. Bless

i have no hamster or any pets .. other than my moderators

[erocker]

I'm hungry and my cedar chips are getting rank.

[N9ZN-Extra]

Quote:

Originally Posted by W1zzard

i have no hamster or any pets .. other than my moderators

LOL, that's not what I read either.

Just to clear this up on my end, the internet began after PC's were invented in 1981 (I think). That is somewhere between 20 to 30 yerrs we have lived with passwords to protect us and every year they become weaker and weaker as a protection.

My whole point is times have changed and along with that the industry should change how we protect our identity, and access to web sites.