Password Change / Staff / My Opinion - Kawasaki Versys Forum
Verticalscope Forum Support / Help (Kawasakiversys.com) Questions about forum functionality or suggestions for improvement. Need help finding what you're looking for? Let us know here!

 4Likes
  • 1 Post By MarvinDMartian42
  • 1 Post By onewizard
  • 1 Post By MarvinDMartian42
  • 1 Post By onewizard
 
LinkBack Thread Tools Display Modes
post #1 of 10 (permalink) Old 06-23-2018, 09:57 AM Thread Starter
Super Moderator
 
Join Date: Nov 2008
Location: Kitchener Ontario
Posts: 6,197
Password Change / Staff / My Opinion

So today I got notification your password has expired, 365 days.

Your password needs : upper case;lower case;numbers;symbols;must be 10 characters or more. Many members on this forum are old school, able to get by , however this isn't my bank account, this forum doesn't have any connection to anything that is used for money transfer, it doesn't contain sufficient info to steal my identity, yet here I am coming up with a new password, which by the way I have had to do before. Why does it sound like I am upset? Because there is a good chance that some or many members will use a password that they use for banking or other secure logins. This site isn't secure, there are many services out there such as Norton that will save all your passwords and manage them, just think for a minute, should they get hacked, you definitely are in trouble.

As a mod I am a bit disappointed that as a team we weren't consulted. Do I expect that some members may just give up logging in****YES
onewizard is online now  
Sponsored Links
Advertisement
 
post #2 of 10 (permalink) Old 06-23-2018, 01:30 PM
Super Moderator
 
fasteddiecopeman's Avatar
 
Join Date: Jul 2008
Location: Kelowna, BC - summer; Florence, AZ - winter
Posts: 16,776
I'm w/ onewizard on this - having to change passwords every now-and-then is a SUPER PITA!


Ed
To view links or images in signatures your post count must be 0 or greater. You currently have 0 posts.


'08 V AZ, '15 V650LT BC
Ride to D2D 2013, June '13

To view links or images in signatures your post count must be 0 or greater. You currently have 0 posts.


Ride to D2D 2015, June '15

To view links or images in signatures your post count must be 0 or greater. You currently have 0 posts.


Ride to D2D 2016, June '16

To view links or images in signatures your post count must be 0 or greater. You currently have 0 posts.

Last edited by onewizard; 06-23-2018 at 01:34 PM.
fasteddiecopeman is offline  
post #3 of 10 (permalink) Old 06-28-2018, 08:24 AM
Member
 
MarvinDMartian42's Avatar
 
Join Date: Apr 2018
Location: Floral, Ar
Posts: 4
Garage
Im not a mod here (obviously as im new this year ) but I have worked in IT / security for 18 years. I have seen sites and services get hacked by weak passwords a lot. IMHO i am all for the password requirements. This site has a wealth of knowledge that should be protected. I would hate to see some little punk get in here and ruin what we have. When the site was partially down for the migration I almost cried. Lol well maybe not cried, but I was a little disappointed as I was trying to find some info that i was needing about the chain maintenance.

But, as an example, if a password was compromised, the hacker could post links that look legit (or are replaced with one of the common tiny URL services) that goes to a malicious site. And someone clicking the link could then have the system they are on compromised, exposing everything they do on their system (banking, 401k management, medical / insurance tasks they might do).

Our mods / members provide a vital role to our community of riders. Like I said before the knowledge here is fantastic, but the site is also a good source of inspiration on modifications we can do to our bikes to make them as sexy and/or mean as we can. But try as yall might, my bike is the sexiest of them all (lol joking).
onewizard likes this.

Robert Bristow

To view links or images in signatures your post count must be 0 or greater. You currently have 0 posts.

Blue 2008 Kawasaki KLE650
MarvinDMartian42 is offline  
 
post #4 of 10 (permalink) Old 06-28-2018, 08:56 AM Thread Starter
Super Moderator
 
Join Date: Nov 2008
Location: Kitchener Ontario
Posts: 6,197
Security

Quote:
Originally Posted by MarvinDMartian42 View Post
Im not a mod here (obviously as im new this year ) but I have worked in IT / security for 18 years. I have seen sites and services get hacked by weak passwords a lot. IMHO i am all for the password requirements. This site has a wealth of knowledge that should be protected. I would hate to see some little punk get in here and ruin what we have. When the site was partially down for the migration I almost cried. Lol well maybe not cried, but I was a little disappointed as I was trying to find some info that i was needing about the chain maintenance.

But, as an example, if a password was compromised, the hacker could post links that look legit (or are replaced with one of the common tiny URL services) that goes to a malicious site. And someone clicking the link could then have the system they are on compromised, exposing everything they do on their system (banking, 401k management, medical / insurance tasks they might do).

Our mods / members provide a vital role to our community of riders. Like I said before the knowledge here is fantastic, but the site is also a good source of inspiration on modifications we can do to our bikes to make them as sexy and/or mean as we can. But try as yall might, my bike is the sexiest of them all (lol joking).
My main gripe was I was forced to change my password to log in, my preference would have been to delay for a day, secondly the site was not secure although the password change degree of difficulty implied this was needed. Today this site now boast's the secure lock symbol.

That being said, those members that use their banking password on this site may feel a little more secure, however a couple things I will suggest. When sending / receiving email, make sure you delete old messages, those with delivery from amazon.com, anything that can link you to a payment method. If you are sending your name , address and phone # to a buddy, delete from the sent folder when complete, anything with your identity. Make a point of deleting your sent email each day. I have one email address for all money transaction's , two more that are used for everything else, when I get a PayPal notification phishing email to these I know it is just that. What I have said here is a small fraction of what is needed these days to combat theft.
MarvinDMartian42 likes this.
onewizard is online now  
post #5 of 10 (permalink) Old 06-28-2018, 09:11 AM
Member
 
MarvinDMartian42's Avatar
 
Join Date: Apr 2018
Location: Floral, Ar
Posts: 4
Garage
I agree with you on that. Sometimes it is hard to come up with a good password that you can remember. Everyone is entitled to gripe and complain about stuff. It is a reason changes happen and normally for the better. Maybe this will encourage a notice of some sort the next time something like this is changed.

A lot of people still use that same passwords for everything they do. Why people? WHY ?!?!? lol
onewizard likes this.

Robert Bristow

To view links or images in signatures your post count must be 0 or greater. You currently have 0 posts.

Blue 2008 Kawasaki KLE650
MarvinDMartian42 is offline  
post #6 of 10 (permalink) Old 06-28-2018, 09:28 AM Thread Starter
Super Moderator
 
Join Date: Nov 2008
Location: Kitchener Ontario
Posts: 6,197
IT Guy / Thanks

Quote:
Originally Posted by MarvinDMartian42 View Post
I agree with you on that. Sometimes it is hard to come up with a good password that you can remember. Everyone is entitled to gripe and complain about stuff. It is a reason changes happen and normally for the better. Maybe this will encourage a notice of some sort the next time something like this is changed.

A lot of people still use that same passwords for everything they do. Why people? WHY ?!?!? lol
Yes, kind of funny but not, latest security change is using a phone number to send a 1 time , time sensitive code to verify a login to a bank account, landline and cell phone numbers, they are going away from security questions as who remembers them, what remains important is that access to your cell be secure, I know this day and age people bank from their phone, which means security is extremely important.
So a FYI for those reading this post, information I will pass along, notification that I as a mod receive but feel important to pass along to members;

Improving security across our network and adding Secure Sockets Layer or SSL to the site. This means going forward you'll see Hyper Text Transfer Protocol Secure (HTTPS); the secure version of HTTP, the protocol used to send data between your browser and the website that you are connected to. This means all communications between your browser and the website will have another layer of encryption.

This doesn't mean you can let your guard down, but knowing the site is coming up to snuff with many other sites.
MarvinDMartian42 likes this.
onewizard is online now  
post #7 of 10 (permalink) Old 07-04-2018, 02:36 PM
Administrator
 
Join Date: Aug 2009
Posts: 511
Garage
While we can appreciate your concerns, the password requirements are the same on all our sites, and in line with most sites on the internet (LinkedIn, Facebook, Emails, ect). The Uppercase, Numbers, Symbols ect requirements ensure passwords are complex and secure as BruteForce attacks can easily break lower tier passwords (password123, ect).

This is the norm for most sites on the internet and as security of our members accounts are high priority, it was made that way as well.

The site does now boast the Secure / HTTPS as we have added SSL to it as well to give another level of protection.

- JB
KawiMan is offline  
post #8 of 10 (permalink) Old 07-06-2018, 09:28 AM
Member
 
quexpress's Avatar
 
Join Date: Apr 2015
Location: Montreal, Quebec, Canada
Posts: 899
Password Managers

In my case, a password manager has been an extremely useful tool.
It creates complex passwords for me and ... remembers them!

FYI:

https://www.howtogeek.com/141500/why...o-get-started/

Note: I have been using 1Password for the past 5 years.

I still have a full deck.
I just shuffle slower.
quexpress is offline  
post #9 of 10 (permalink) Old 07-06-2018, 12:41 PM
Member
 
Join Date: May 2016
Location: Omaha, NE
Posts: 269
Garage
Quote:
Originally Posted by MarvinDMartian42 View Post
...
But, as an example, if a password was compromised, the hacker could post links that look legit (or are replaced with one of the common tiny URL services) that goes to a malicious site. And someone clicking the link could then have the system they are on compromised, exposing everything they do on their system (banking, 401k management, medical / insurance tasks they might do).
....
They can do all this now, without guessing anyone's password. Anyone can create an account here, and start doing what you are suggesting. So I don't see how stronger password rules help prevent that from happening.

I agree overly strict password requirements on forum sites are a pain. I do believe there should be some simple rules, it shouldn't be "password" or "password123" for example. But using the same requirements as a bank is overkill and a hassle.
zirconx is online now  
post #10 of 10 (permalink) Old 07-06-2018, 07:13 PM Thread Starter
Super Moderator
 
Join Date: Nov 2008
Location: Kitchener Ontario
Posts: 6,197
Explanation / Older members

I never meant this to be a debate, I was more concerned about the older members that struggle to post , no need to make it difficult to just log in by forcing a password change, this could cause some members to walk away as said previously, I have accepted it and have moved on . The secure HTTPS was a year overdue. The spam software works reasonably well.
onewizard is online now  
Sponsored Links
Advertisement
 
Reply

Quick Reply
Message:
Options

Register Now



In order to be able to post messages on the Kawasaki Versys Forum forums, you must first register.
Please enter your desired user name, your email address and other required details in the form below.

User Name:
Password
Please enter a password for your user account. Note that passwords are case-sensitive.

Password:


Confirm Password:
Email Address
Please enter a valid email address for yourself.

Email Address:
OR

Log-in










Thread Tools
Show Printable Version Show Printable Version
Email this Page Email this Page
Display Modes
Linear Mode Linear Mode



Posting Rules  
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On

 
For the best viewing experience please update your browser to Google Chrome