Attention - Password and Security Update - Page 6 - Chevelle Tech
Chevelles.com Site Discussion Website questions, feedback, comments, suggestions.

 53Likes
Reply
 
LinkBack Thread Tools Search this Thread Display Modes
post #76 of 206 (permalink) Old Jun 24th, 16, 11:37 AM
Lifetime Premium Member
Jerry
 
Join Date: Jun 2005
Location: Birmingham, AL
Posts: 3,376
Re: Attention - Password and Security Update

Works as long as I copy and paste from the email each time to log in. Even after logging in won't let me change password. When I change the password to something I want it just tells me that it's not the right password for access.

Jerry Briggs
ROLL TIDE!


To view links or images in signatures your post count must be 0 or greater. You currently have 0 posts.


To view links or images in signatures your post count must be 0 or greater. You currently have 0 posts.


To view links or images in signatures your post count must be 0 or greater. You currently have 0 posts.
Jerry Briggs is offline  
Sponsored Links
Advertisement
 
post #77 of 206 (permalink) Old Jun 24th, 16, 12:49 PM
Gold Founding Member
Administrator
 
Join Date: Aug 1998
Location: near Kansas City
Posts: 62,288
Garage
Re: Attention - Password and Security Update

We need to be creative and think of a password the meets the criteria plus one we can remember.

.
.
.
.


To view links or images in signatures your post count must be 0 or greater. You currently have 0 posts.


To view links or images in signatures your post count must be 0 or greater. You currently have 0 posts.


To view links or images in signatures your post count must be 0 or greater. You currently have 0 posts.
Dean is offline  
post #78 of 206 (permalink) Old Jun 24th, 16, 1:40 PM
Lifetime Premium Member
Don
 
Join Date: Jan 2006
Location: Lincoln, NE
Posts: 1,257
Garage
Re: Attention - Password and Security Update

Quote:
Originally Posted by Jerry Briggs View Post
Works as long as I copy and paste from the email each time to log in. Even after logging in won't let me change password. When I change the password to something I want it just tells me that it's not the right password for access.
I just went thru that whole deal twice this morning... I changed it last night, then this morning wouldn't take my new password on my work computer... sure is fun watching a commercial to be able to get the security code... what will they do next to make a buck

Don
'72 Malibu Convertible

To view links or images in signatures your post count must be 0 or greater. You currently have 0 posts.

TC #4782
Lincoln, Ne
MidLife72 is offline  
 
post #79 of 206 (permalink) Old Jun 24th, 16, 1:48 PM
TC
 
Join Date: Mar 2012
Location: Titusville, NJ
Posts: 14
Garage
Re: Attention - Password and Security Update

Quote:
Originally Posted by Administrator View Post
Passwords are encrypted. We do not keep passwords in plain text.

However, if your password is simple enough, having the encrypted file along with with basic info like Username and email means your password could be broken pretty easily. The new additional requirements for password complexity will patch that hole.

Kevin
On that note...
Google to publicly shame websites that aren?t using HTTPS - Panda Security Mediacenter

It was a 3rd party plugin...this time.

Next time it'll just be a sniffer running on a strategically located compromised device, or botnet. Either way, you won't have someone to sick your lawyer on.

Good job, resetting passwords was the right thing to do, but the work is not over...
Eotnak is offline  
post #80 of 206 (permalink) Old Jun 24th, 16, 2:21 PM
Lifetime Premium Member
Mike
 
Join Date: Oct 2011
Location: South Florida
Posts: 3,775
Garage
Re: Attention - Password and Security Update

The red X's must ALL change to blue check marks when submitting in

the new password. In other words, you MUST have an upper case, lower case,

symbol, number, and 10 or more characters total.

Took me about twenty tries to figger that out.

Poor directions on page.

Hope this helps someone.

Mike

My
To view links or images in signatures your post count must be 0 or greater. You currently have 0 posts.


AACA Senior Grand National
To view links or images in signatures your post count must be 0 or greater. You currently have 0 posts.
Good Guys Muscle Car of the Year Finalist
To view links or images in signatures your post count must be 0 or greater. You currently have 0 posts.

Eckler's Winternationals Platinum 1000 pts
To view links or images in signatures your post count must be 0 or greater. You currently have 0 posts.
2016 Midwest Chevelle Regional 1000 Point Award
To view links or images in signatures your post count must be 0 or greater. You currently have 0 posts.

NPD Choice Award All GM Oktoberfest
To view links or images in signatures your post count must be 0 or greater. You currently have 0 posts.
6 times Concours d'Elegance Best in Class
To view links or images in signatures your post count must be 0 or greater. You currently have 0 posts.

MCC Platinum & 2 times People's Choice Award & Carolina Chevelle Club Best in Show
To view links or images in signatures your post count must be 0 or greater. You currently have 0 posts.

2016 Midwest Chevelle Regional "Dean Call Award"
To view links or images in signatures your post count must be 0 or greater. You currently have 0 posts.
2015 OPGI Original Restored Award
To view links or images in signatures your post count must be 0 or greater. You currently have 0 posts.

MCACN Gold
To view links or images in signatures your post count must be 0 or greater. You currently have 0 posts.
69SHEVL is online now  
post #81 of 206 (permalink) Old Jun 24th, 16, 2:36 PM
Gold Member
 
Join Date: Sep 1998
Location: Tucson, AZ, USA
Posts: 9,716
Re: New password requirements????

It seems that they have made this as difficult as possible. I changed to a 12 digit password yesterday morning and all was well. Until this morning when nothing worked. My email informed me that my password has been reset by admin. Why? So I tried to use the new password with no success. I clicked on the blue links in the email for changing the password and it told that since I was not logged in I could not do that. I thought I messed when typing the the new password, so I did a control/c and control/v and that did not work. So I requested another new password, which contained symbols that were hard to read. I did not go well until I copied and pasted. Now after 4 hours of farting around, I am back in. All those 15 minute delays do not help.
Mr. D likes this.
JWagner is offline  
post #82 of 206 (permalink) Old Jun 24th, 16, 3:17 PM
TC
 
Join Date: Mar 2012
Location: Titusville, NJ
Posts: 14
Garage
Re: Attention - Password and Security Update

Quote:
Originally Posted by Dean View Post
We need to be creative and think of a password the meets the criteria plus one we can remember.
A few notes before I begin:

-Passwords for a system like the forums at Team Chevelle are stored on the server in a protected area usually in a file in an encrypted form known as a hash. It is just numbers and letters that the software uses to compare with what you type in for your password. It's really hard to get at, and useless once you have it. Kind of like the seat belt chime in a new car.

-Requiring users to reset their password periodically nets one result: more users end up writing passwords down

-Security is a balance between convenience to the user and integrity of the data. Too far in either direction causes undue stress to the other. Too easy to access, the data gets corrupted/hijacked/stolen easier, too inconvenient for the user to access, the user gives up.

-Data only needs to be protected to the extent that it is not worth the effort that it takes to get to it. If you store your cookies in tupperware in a lock box, your kids will just go to a friend's house for cookies. No need to put them in Fort Knox.

-Forcing hackers to use brute-force methods to crack passwords is the first step to a good password policy

-I have been in IT for many years, and I am now studying network security. I have literally hundreds of accounts, about 10 usernames in total, and not a single password is reused. I write down nothing. I have a system that I developed that is easy to memorize and convenient to use*

Forcing users to periodically change their password, in theory, is supposed to prevent a hacker from having enough time to crack your password. If your password does not contain dictionary words, and is at least 10 characters long, upper, lowercase, numbers, and symbols, and the software (vBulletin) uses a good hashing mechanism, then it would take a hacker at least 19.24 million centuries to crack it remotely. Is it necessary to reset this password every year?

Well, then we get into multipoint attacks. First a hacker needs to break into the forum software and retrieve the list of hashed passwords, in this case, a 3rd party plugin that has system/administrative privileges. So that's the first step...not an easy one, but one of the most popular**. Once the hacker has your listed of hashed passwords, he can get started trying to crack them. A good hashing algorythm forces them to guess each password, one by one. The hacker can either A. crack only the weakest passwords until he has enough to profit, or B. Be forced to crack long, complex passwords because of a good password policy enforced by the site's owners. B. is usually not an option, after some time of not being able to crack a single password out of a given list of hashes, the hacker will toss the list and start with a new web site, etc.

But let's say everyone on the planet has gotten the memo, and everyone is using a good password policy, so the hacker is forced to try to crack these new Team Chevelle passwords. How long would it take? Well, for several tens of thousands of dollars, he could afford a good password cracking machine and sick it on the hashed password list. After a little over 19 years, he would start seeing some passwords start to show in plain text. Is it necessary to reset this password every year?

OK, well there's one last option. China has the world's fastest computer. A hacker could probably buy it for many billions of dollars. He could then use it to crack the new Team Chevelle passwords in about a week.

So the way I see it, we can protect against the probable and change our passwords every 18 years, or lock up our cookies in Fort Knox by forcing a change twice a week.

*Step 1) Take, say the first 4 letters of the web site name or system name, in this case, "chev" Step 2) Add the "Caeser Cipher" which basically means shift every letter to the left or right by any number. Ex: "chev" +2 becomes "ejgx" Step 3) add some text that you can't find in the dictionary, including symbols and numbers that you memorized, ex. "[email protected]", then add it to what you have "[email protected]" Step 4) Profit! When Team Chevelle is hacked, the hacker can make embarrassing posts on your behalf, but your Bank of America password, "[email protected]" is safe!

**Most popular being social engineering, and by the way, you have a tough case trying to sue the developer of a bad plugin because any decent developer utilizes a EULA that basically says "use at your own risk".

TLDR: Sorry the tldr would need to be a few paragraphs and I already wrote it once.
davewho1 likes this.
Eotnak is offline  
post #83 of 206 (permalink) Old Jun 24th, 16, 3:31 PM
Gold Founding Member
Darren
 
Join Date: Oct 1998
Location: Henderson, NV
Posts: 6,218
Re: New password requirements????

Let's fix what wasn't broken until we left the door open...
Mr. D likes this.

Darren
64 El Camino 468, 9", ST-10, 4wdb,
To view links or images in signatures your post count must be 0 or greater. You currently have 0 posts.

69 Firebird 461" stroker, th400, 3.36's, 4wdb,
To view links or images in signatures your post count must be 0 or greater. You currently have 0 posts.
- Sold

To view links or images in signatures your post count must be 0 or greater. You currently have 0 posts.

TC #78 Gold, ACES #3130
Cameano is offline  
post #84 of 206 (permalink) Old Jun 24th, 16, 3:38 PM
Lifetime Premium Member
& Administrator
 
Join Date: Apr 2005
Posts: 16,868
Re: New password requirements????

As some of you have noticed ,me included ,copy/paste is the easiest way to reset your sent password so you can go in and change it to the new spec.
Mike is offline  
post #85 of 206 (permalink) Old Jun 24th, 16, 3:40 PM
Senior Tech Team
jerry
 
Join Date: Dec 2006
Location: portland oregon
Posts: 7,129
Re: New password requirements????

Quote:
Originally Posted by Mike View Post
As some of you have noticed ,me included ,copy/paste is the easiest way to reset your sent password so you can go in and change it to the new spec.
an impossible task on a phone
cheveslakr is online now  
post #86 of 206 (permalink) Old Jun 24th, 16, 3:50 PM
Lifetime Premium Member
& Administrator
 
Join Date: Apr 2005
Posts: 16,868
Re: New password requirements????

Don't know about Iphone but copy/paste works on my Android phone.
Google search might help you.
Mike is offline  
post #87 of 206 (permalink) Old Jun 24th, 16, 4:28 PM
Senior Tech Team
jerry
 
Join Date: Dec 2006
Location: portland oregon
Posts: 7,129
Re: New password requirements????

Quote:
Originally Posted by Mike View Post
Don't know about Iphone but copy/paste works on my Android phone.
Google search might help you.
Okay, thanx for that, learned something new...not uncommon in my world.
However, after c-p'ing the password, it claims I have entered an improper password.

Stumped in Beaverton
cheveslakr is online now  
post #88 of 206 (permalink) Old Jun 24th, 16, 4:35 PM
Mark
 
Join Date: Jun 2016
Location: Hedley BC Canada
Posts: 2
Re: New password requirements????

I found it easier to re register with another username then to go through the clustf*^k of steps they had me go through for it not to work anyways. Way to make things over complicated, powers that be.
Dave Birdwell and Not2Fast like this.

Sometimes a man's gotta do what a woman would never consider.
To view links or images in signatures your post count must be 0 or greater. You currently have 0 posts.
67Redneck is offline  
post #89 of 206 (permalink) Old Jun 25th, 16, 9:15 AM
 
Join Date: Feb 2006
Location: Virginia
Posts: 10
Re: New password requirements????

Only copy/paste worked for me, too. Doesn't always work, sometimes the function picks up a trailing space. Combination of upper and lower case letters and numbers is the industry standard.
jim3 is offline  
post #90 of 206 (permalink) Old Jun 25th, 16, 11:08 AM
 
Join Date: Jun 2016
Posts: 6
Re: New password requirements????

Quote:
Originally Posted by 67Redneck View Post
I found it easier to re register with another username then to go through the clustf*^k of steps they had me go through for it not to work anyways. Way to make things over complicated, powers that be.
Me too.
Just user cuz psswd chng is offline  
Sponsored Links
Advertisement
 
Reply

Quick Reply
Message:
Options

Register Now



In order to be able to post messages on the Chevelle Tech forums, you must first register.
Please enter your desired user name, your email address and other required details in the form below.

User Name:
Password
Please enter a password for your user account. Note that passwords are case-sensitive.

Password:


Confirm Password:
Email Address
Please enter a valid email address. Note, you will be sent a confirmation request to this address.

Email Address:
OR

Log-in









Old Thread Warning
This Thread is more than 1334 days old. It is very likely that it does not need any further discussion and thus bumping it serves no purpose.
If you still feel it is necessary to make a new reply, you can still do so though.

Thread Tools Search this Thread
Show Printable Version Show Printable Version
Email this Page Email this Page
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode



Posting Rules  
You may post new threads
You may post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On

 
For the best viewing experience please update your browser to Google Chrome