BMW K1600 Forum banner

1 - 20 of 134 Posts

·
Administrator
Joined
·
639 Posts
Discussion Starter #1
Hello all,

Over the next few days we will be implementing some changes to our forum password strength and password expiration policies. To make sure you continue having the best experience possible on the community, we regularly monitor the site and the Internet to keep everyone's account information safe. We've recently become aware of a potential risk to some accounts coming from outside of this community. Just to be safe, we are implementing the following changes to improve security even further:

1) We are asking everyone to change their passwords (and will force a one time reset). Along with every user on the forum, new passwords will need to be more complex, and can't be simple words (sorry, you can't have "fluffy" as your password anymore!). Please use a password unique to this community. Reusing passwords can expose your account indirectly when other websites (Twitter, Linkedin, Badoo, etc) are compromised; and

2) Your passwords will expire on a 365 day basis. When you login on the 366th day, you will have to change it.

We'll also be sending out an email to users to let them know about the changes, in upcoming weeks.

Thanks all,

Helena

Community Management
 

·
Premium Member
Joined
·
3,723 Posts
Just wondering. Not being disrespectful. But would like to share my feelings on this subject.

First of all, Is there any way the members here can have a vote or choice on this? j/k

Actually, this is my number one hated thing about using a computer.
In the last few years, due to the rules, especially the DIFFERENT rules from site to site, program to program, etc., I have just what is stated here; lots of DIFFERENT passwords to remember. I CAN'T do it. I can write them down, but that is a risk in itself. Almost every time I log in to anything, I have to refer to a text file where I store all my passwords. Time consuming to say the least; and risky, since now someone can hack my computer and get that file. (Hackers, look for a file on my desktop named " everything you need to steal my identity and ruin my life.txt ")

Some of the rules for passwords get really crazy.
At work, for example:
Passwords must be changed every month. Must have a capital letter, small letter, number, and symbol. Passwords can not be reused. Can not resemble the login name, or any other information on the account.

I understand that security is important for clients, but when the IT department has to hire more people just to handle all of the extra calls from clients that can't log in to their account, this has become a problem. A client should have the option to use a password of their choice.

Really, what harm can someone do by hacking my forum account; stop me from being able to log in? That will probably happen anyway every time that I forget my password.

And the not so funny thing is, even with all these security rules, one of my accounts still got hacked.

Again, I apologize, but back in the early 90s someone talked me into getting a computer so that I could do things easier, use less paper, and be more efficient. None of that has happened, IMHO.
Best.
 

·
Premium Member
Joined
·
1,339 Posts
Just wondering. Not being disrespectful. But would like to share my feelings on this subject.

First of all, Is there any way the members here can have a vote or choice on this? j/k

Actually, this is my number one hated thing about using a computer.
In the last few years, due to the rules, especially the DIFFERENT rules from site to site, program to program, etc., I have just what is stated here; lots of DIFFERENT passwords to remember. I CAN'T do it. I can write them down, but that is a risk in itself. Almost every time I log in to anything, I have to refer to a text file where I store all my passwords. Time consuming to say the least; and risky, since now someone can hack my computer and get that file. (Hackers, look for a file on my desktop named " everything you need to steal my identity and ruin my life.txt ")

Some of the rules for passwords get really crazy.
At work, for example:
Passwords must be changed every month. Must have a capital letter, small letter, number, and symbol. Passwords can not be reused. Can not resemble the login name, or any other information on the account.

I understand that security is important for clients, but when the IT department has to hire more people just to handle all of the extra calls from clients that can't log in to their account, this has become a problem. A client should have the option to use a password of their choice.

Really, what harm can someone do by hacking my forum account; stop me from being able to log in? That will probably happen anyway every time that I forget my password.

And the not so funny thing is, even with all these security rules, one of my accounts still got hacked.

Again, I apologize, but back in the early 90s someone talked me into getting a computer so that I could do things easier, use less paper, and be more efficient. None of that has happened, IMHO.
Best.
I personally use a different password for 'low security' areas like forums. I would prefer NOT to be forced to change my password, as I am not worried about someone pretending to know as much as I do about riding with border collies on a K1600... I am also not worried about them nefariously getting my password and using it elsewhere, as like I stated, it is for low-security areas like forums.
 

·
Premium Member
Joined
·
3,815 Posts
I already have more than 100 different passwords for all kind of internet stuff: my own network, mail addresses, forums, internet shops, electronic banking, etc.
And yes, all passwords are different, consist of 15 to 20 characters, capital letters, small letters and numbers.
I use a program to create and remember all those passwords. Personaly I use KeePass but there are other similar programs.
If your password is too easy it can be hacked and be used for spamming which gives the admins a lot of extra work.
So yes, I can understand their security policy.
 

·
Registered
Joined
·
3,298 Posts
I agree with the first two responses. And like them, I have already withdrawn all of my money from this forum so I have little to lose 😉. I use different levels of passwords for forums than I do for sites that pose a real threat to my financial safety.

I do not expect us to win this discussion, and the good news is that forums allow us to stay logged in almost indefinitely. Otherwise the need to "carry" a list of all of my passwords with me electronically or on paper would be a bigger risk because then they would have access to all of my accounts in one place.

The last response above say he uses KeePass. What makes you think their server won't get hacked?
 

·
Registered
Joined
·
516 Posts
hello all,

over the next few days we will be implementing some changes to our forum password strength and password expiration policies. To make sure you continue having the best experience possible on the community, we regularly monitor the site and the internet to keep everyone's account information safe. We've recently become aware of a potential risk to some accounts coming from outside of this community. Just to be safe, we are implementing the following changes to improve security even further:

1) we are asking everyone to change their passwords (and will force a one time reset). Along with every user on the forum, new passwords will need to be more complex, and can't be simple words (sorry, you can't have "fluffy" as your password anymore!). Please use a password unique to this community. Reusing passwords can expose your account indirectly when other websites (twitter, linkedin, badoo, etc) are compromised; and

2) your passwords will expire on a 365 day basis. When you login on the 366th day, you will have to change it.

We'll also be sending out an email to users to let them know about the changes, in upcoming weeks.

Thanks all,

helena

community management

wilco 0:)
 

·
Premium Member
Joined
·
551 Posts
I usually recommend to people... create a strong password that you can remember and add month and/or year to the end of it. example: FluffyCat!16... (Uppercase, lowercase, special character (exclamation is a good one) and numbers.). This way your password stays the same and you just need to remember the year (or month for the evil monthly changes).
 

·
Premium Member
Joined
·
507 Posts
My Mac can Generate a very strong, impossible to remember password and it offers this up each time I log onto a new site and need to create a password. The problem is if you ever want to log on from another computer there's no way to remember the complex password. Mac saves the password in something called Key Chain. I'm curious what happened that requires us to change to a more complex password? While like most here I don't store any State secrets here, who needs some hacker getting access to anything? You'd be surprised what they can do with limited information, better safe than sorry I say.
 

·
Premium Member
Joined
·
3,723 Posts
I personally use a different password for 'low security' areas like forums. I would prefer NOT to be forced to change my password, as I am not worried about someone pretending to know as much as I do about riding with border collies on a K1600... I am also not worried about them nefariously getting my password and using it elsewhere, as like I stated, it is for low-security areas like forums.
Glad to see someone agreeing with me for a change! LOL
Funny thing is, ANYONE can create an account here.
Why, I wasn't even required to ride a bike, or own a dog to open my account. (two yorkies, little one and a big one) Guess my password?
Remember the guy that got branded and banded from the site a year ago? He was back on here the next day with a new id and password....and attitude. Now, that is a security problem. (He pretended to be a nice guy with his new id) :confused:
Best.
 

·
Registered
Joined
·
38 Posts
Just wondering. Not being disrespectful. But would like to share my feelings on this subject.

First of all, Is there any way the members here can have a vote or choice on this? j/k

Actually, this is my number one hated thing about using a computer.
In the last few years, due to the rules, especially the DIFFERENT rules from site to site, program to program, etc., I have just what is stated here; lots of DIFFERENT passwords to remember. I CAN'T do it. I can write them down, but that is a risk in itself. Almost every time I log in to anything, I have to refer to a text file where I store all my passwords. Time consuming to say the least; and risky, since now someone can hack my computer and get that file. (Hackers, look for a file on my desktop named " everything you need to steal my identity and ruin my life.txt ")

Some of the rules for passwords get really crazy.
At work, for example:
Passwords must be changed every month. Must have a capital letter, small letter, number, and symbol. Passwords can not be reused. Can not resemble the login name, or any other information on the account.

I understand that security is important for clients, but when the IT department has to hire more people just to handle all of the extra calls from clients that can't log in to their account, this has become a problem. A client should have the option to use a password of their choice.

Really, what harm can someone do by hacking my forum account; stop me from being able to log in? That will probably happen anyway every time that I forget my password.

And the not so funny thing is, even with all these security rules, one of my accounts still got hacked.

Again, I apologize, but back in the early 90s someone talked me into getting a computer so that I could do things easier, use less paper, and be more efficient. None of that has happened, IMHO.
Best.
You need Keepass and a Dropbox account. That'll solve all your password problems.
 

·
Premium Member
Joined
·
551 Posts
Does the password really need to change annually? It is not like our data here on this forum is anything worth hacking... no credit card, bank accounts or social security number.
Who wants to login as me... I'm just your average Psycho.
 

·
Registered
Joined
·
6,008 Posts
My Mac can Generate a very strong, impossible to remember password and it offers this up each time I log onto a new site and need to create a password.
KeyChain can be tied to your iCloud account, and thus used on multiple devices.
 

·
Registered
Joined
·
6,008 Posts
The reason this is coming down the pipe is beacuse the hackers are getting more and more persistent:

Hacker steals 45 million accounts from hundreds of car, tech, sports forums | ZDNet

https://www.leakedsource.com/blog/verticalscope

So all of us should change our forum passwords today, especially if you're using the same password on other websites. The first thing that hackers do when they crack someone's password is to try it on other accounts - banking websites, Facebook, Twitter, etc.

A friend of mine who does White Hat work found his forum username in the LeakedSource database twice, both of which matched up with his VerticalScope accounts, as used on many enthusisast forums like this one.

If you heard there was a rash of robberies in your neighborhood, wouldn't you double-check all your locks and windows, just to be safe?
 

·
Premium Member
Joined
·
2,416 Posts
Simply stated.....

What is the big risk on a forum?

Nobody here even knows my last name so I hardly think there is a big security risk here.
I like the site, but having to change passwords and get more restrictive on them is ridiculous IMHO.

My 2 Cents....
 

·
Premium Member
Joined
·
3,815 Posts
....
The last response above say he uses KeePass. What makes you think their server won't get hacked?
It's not server based. You install and use it only on your own computer.
 
1 - 20 of 134 Posts
Top