Security Update: A Message for Our Community

by Admin

TTAC parent company VerticalScope is implementing security changes related to forum password strength and password expiration policies. These changes respond to increased Internet awareness of security-related incidents on major outside social media websites with which we share many users. In addition, we recently became aware of potential risks to community accounts (username, userid, encrypted password and email address) on many online forum communities, including the forum associated with this site.

Our internal security team is investigating information we have received about potential risks to communities, and is collecting and recording the findings for law enforcement agencies. Unfortunately, password sharing between sites is also compounding the issue, as various social media sites have reported breaches in recent months. We take our users and data very seriously, and are always working to provide a safe (and fun!) environment for our users.

If you are a user of one of our forum communities, you will receive an email shortly to change your password.

We also encourage you to proactively update your password on this site, either through the WordPress blog comments section or through the forum.

Like every online service, we strongly recommend that you always use a unique, strong password (10 characters, 1+ uppercase, 1+ number, 1+ special character) to better protect your online security.



Comments
  • Bertvl on Jun 15, 2016

    There's no TLS for the login here (i.e. no https page) so there's no serious security here anyway. If you moved to https for the whole site you may have issues with third-party advertising, but at least the login page should be secured. The biggest issue here is password re-use - one site gets hacked and your email address and password combination is leaked, and hackers will be trying to connect to other sites with the same combination. It is therefore important to have a totally unique password for every site - which is only manageable with a password manager which can also generate the passwords. There are LastPass fans here, I like KeePass (in spite of its questionably insecure upgrade options), which is a locally-installed program (the encrypted keyfile can be stored in the cloud). For TTAC I have a 64-character random password generated by KeePass, unique to this site, and I have a separate email address for forum logins which is not my main email address. A question for the TTAC admins - what is the maximum in terms of complexity I can use? You mention special characters, can I use a password like this? (Not my password!): Tfe%>DRr}\ar~1]nBd+78zqS"yGVg0,d)ZR6Fs@0k,zkI:c:4HBt;i)vy08Pt`1w

  • Cornellier on Jun 15, 2016

    My password has always been "password". Is that a problem?

  • Acd on Jun 16, 2016

    We'll know the hackers have taken over the comments when they become filled with replies touting the benefits of leasing, 84 month loans and rolling over negative equity into a new car.

  • SELECTIVE_KNOWLEDGE_MAN on Jun 16, 2016

    Having expiration dates on passwords does nothing but push a lot of users to have numbered passwords like Hunter2, Hunter3, etc. You effectively remove at least one character from the password (the number), and your rule with having at least one numeric character is thus also useless. See the last story on technologyreview regarding password strength for more information.
