Attention - Password and Security Update - Page 2 - Kia Forum
 26Likes
Reply
 
LinkBack Thread Tools Display Modes
post #11 of 30 (permalink) Old 06-16-2016, 01:39 PM
PLP
Super Moderator
 
PLP's Avatar
 
Join Date: Dec 2008
Location: Haslett, MI, USA, Earth
Posts: 6,734
Drives: 2016 FIAT 500X Trekking Plus AWD; 2016 Kia Forte5 SX 1.6T A/T
Gallery: 3
Mentioned: 7 Post(s)
Tagged: 0 Thread(s)
Quoted: 297 Post(s)
Garage

All right. Number sounds great - 45 million. However, I will ask again - what do we keep on forum that is not publicly known (maybe except email address)?

I just checked my profile. The only thing that is not "public" is my email address. The rest, like day/month of DOB, my posts, cars I drive - all of it is public and can be easily found.
I understand security and I am glad AutoGuide wants to keep us safe. However, changing password every year into something different each time will result in writing this password somewhere on piece of paper, or in email, or somewhere, or better yet - making the password easy to hack.

My bank account? My email account? Retirement? Sure, those are protected by strong passwords. Forum? Well, not really.

engineered likes this.


To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
USA - paid, repair manual

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
Canadian owner manuals (still free)

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
Europe - paid, repair manual

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.

Do you talk/text and drive? Watch it. Very interesting test:
To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
PLP is offline  
Sponsored Links
Advertisement
 
post #12 of 30 (permalink) Old 06-16-2016, 03:15 PM
Veteran
 
Loyale 2.7 Turbo's Avatar
 
Join Date: Dec 2009
Location: French Harbour, Roatán; Honduras.
Posts: 2,512
Drives: 1985 Subaru Loyale (wagon), 2000 Kia Sephia (sedan), and 1969 Mercury Comet (coupé)
Gallery: 0
Mentioned: 8 Post(s)
Tagged: 0 Thread(s)
Quoted: 134 Post(s)

Quote:
Originally Posted by PLP View Post
Well, password expiration... what do we store on this site that is so sensitive?
A Reputation.

If someone steals your account, can be posting on your behalf...
PLP likes this.


To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
Loyale 2.7 Turbo is offline  
post #13 of 30 (permalink) Old 06-16-2016, 03:16 PM
PLP
Super Moderator
 
PLP's Avatar
 
Join Date: Dec 2008
Location: Haslett, MI, USA, Earth
Posts: 6,734
Drives: 2016 FIAT 500X Trekking Plus AWD; 2016 Kia Forte5 SX 1.6T A/T
Gallery: 3
Mentioned: 7 Post(s)
Tagged: 0 Thread(s)
Quoted: 297 Post(s)
Garage

Quote:
Originally Posted by Loyale 2.7 Turbo View Post
A Reputation.

If someone steals your account, can be posting on your behalf...
lol
that would be childish... and that's the only thing that one can do and that can be relatively easily tracked by following IP, unless one will really try to cover their tracks.
Loyale 2.7 Turbo likes this.


To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
USA - paid, repair manual

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
Canadian owner manuals (still free)

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
Europe - paid, repair manual

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.

Do you talk/text and drive? Watch it. Very interesting test:
To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
PLP is offline  
post #14 of 30 (permalink) Old 06-16-2016, 03:22 PM
Veteran
 
Loyale 2.7 Turbo's Avatar
 
Join Date: Dec 2009
Location: French Harbour, Roatán; Honduras.
Posts: 2,512
Drives: 1985 Subaru Loyale (wagon), 2000 Kia Sephia (sedan), and 1969 Mercury Comet (coupé)
Gallery: 0
Mentioned: 8 Post(s)
Tagged: 0 Thread(s)
Quoted: 134 Post(s)

Exclamation

I Agree that such behaviour is Childish; however, being a forum member on different Worldwide forums, since 1999, I already had faced such situation; someone tried to access on another automotive forum, under my User Name; but the Administrator there, was very kind and helped me to recover my account, and erase the posts done by the attacker.

Yes, the IP address is trackable, but also can be bypassed by using proxy services, you know...

Kind Regards.


To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
Loyale 2.7 Turbo is offline  
post #15 of 30 (permalink) Old 06-22-2016, 08:13 AM
PLP
Super Moderator
 
PLP's Avatar
 
Join Date: Dec 2008
Location: Haslett, MI, USA, Earth
Posts: 6,734
Drives: 2016 FIAT 500X Trekking Plus AWD; 2016 Kia Forte5 SX 1.6T A/T
Gallery: 3
Mentioned: 7 Post(s)
Tagged: 0 Thread(s)
Quoted: 297 Post(s)
Garage

the new password is a killer... or I should say overkill.


To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
USA - paid, repair manual

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
Canadian owner manuals (still free)

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
Europe - paid, repair manual

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.

Do you talk/text and drive? Watch it. Very interesting test:
To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
PLP is offline  
post #16 of 30 (permalink) Old 06-22-2016, 10:55 AM
Super Moderator
 
ron1004's Avatar
 
Join Date: Jun 2005
Location: Louisville, KY
Posts: 6,740
Drives: 1999 Kia Elan
Gallery: 13
Mentioned: 12 Post(s)
Tagged: 0 Thread(s)
Quoted: 362 Post(s)
Garage

Quote:
Originally Posted by PLP View Post
the new password is a killer... or I should say overkill.
It requires a more complex password than my company's email account, ......now if we can divert our attention to removing the social media registration, which is most likely a greater risk.

Quality and not quantity counts.

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.

Sig image is 500X100 at 11.7 kb
ron1004 is offline  
post #17 of 30 (permalink) Old 06-22-2016, 11:47 AM
Veteran
 
Loyale 2.7 Turbo's Avatar
 
Join Date: Dec 2009
Location: French Harbour, Roatán; Honduras.
Posts: 2,512
Drives: 1985 Subaru Loyale (wagon), 2000 Kia Sephia (sedan), and 1969 Mercury Comet (coupé)
Gallery: 0
Mentioned: 8 Post(s)
Tagged: 0 Thread(s)
Quoted: 134 Post(s)

Quote:
Originally Posted by ron1004 View Post
...now if we can divert our attention to removing the social media registration, which is most likely a greater risk.
I Agree.

~►
http://www.kia-forums.com/kia-forums...oderators.html

Kind Regards.


To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
Loyale 2.7 Turbo is offline  
post #18 of 30 (permalink) Old 06-24-2016, 03:18 AM
Super Moderator
 
ron1004's Avatar
 
Join Date: Jun 2005
Location: Louisville, KY
Posts: 6,740
Drives: 1999 Kia Elan
Gallery: 13
Mentioned: 12 Post(s)
Tagged: 0 Thread(s)
Quoted: 362 Post(s)
Garage

Quote:
Originally Posted by ron1004 View Post
It requires a more complex password than my company's email account, ......now if we can divert our attention to removing the social media registration, which is most likely a greater risk.
Two days later I can't log on and find another password reset email - lets hope we don't have to do this every second day.
PLP and engineered like this.

Quality and not quantity counts.

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.

Sig image is 500X100 at 11.7 kb
ron1004 is offline  
post #19 of 30 (permalink) Old 06-24-2016, 09:17 AM
Senior Member
 
The Wizard's Avatar
 
Join Date: Dec 2014
Location: NE Florida
Posts: 226
Drives: '15 Sorento EX
Gallery: 0
Mentioned: 6 Post(s)
Tagged: 0 Thread(s)
Quoted: 65 Post(s)

Sorry, I can't agree. I've been in the IT business for over 30 years and have seen many attempts to "improve security" that have ended up being abject failures. Forcing passwords of minimum 10 characters including upper and lower case AND numbers AND symbols is just going to create problems for most users. As has already been mentioned, the only security risk for users of an online forum applies to those users who are dumb enough to use the same password on other (more sensitive) sites. I tend to use differing user names and simple variations of a short password for all the online forums I belong to or moderate. Basically I don't care if someone discovers it - what are they going to do, post a nasty message as me?

Adding complexity to password requirements is not the answer. Doing so actually encourages the very action you want to avoid - people reuse the password on other sites because it's too complex to remember for just one forum. Hackers seldom attack online forums with brute force password guessing. They get passwords by hacking into the site and downloading them (or from lists that have already been discovered). That means that users with artificially complex passwords that then get reused are at much greater risk (because they also tend to use the same user names as well).

And if I may, your handling of the change was less than stellar. As mentioned, nobody bothers to look in this section during their normal browsing. I didn't even know this section existed until today. Posting in each of the major sections really wouldn't have been as much of a problem as you suggest. Or using the announcement capability of the forum software would have reached more members. But really, the issue I have is that the passwords were changed rather than just changing the setting to force users to change their own password at next login. I get my email on my phone but browse on my desktop so trying to type in the cryptic new password became a minor issue.

Obviously my lone opinion will have absolutely zero effect on your processes but I figured I'd voice it anyway.
ron1004, PLP, engineered and 1 others like this.
The Wizard is offline  
post #20 of 30 (permalink) Old 06-24-2016, 11:30 AM
PLP
Super Moderator
 
PLP's Avatar
 
Join Date: Dec 2008
Location: Haslett, MI, USA, Earth
Posts: 6,734
Drives: 2016 FIAT 500X Trekking Plus AWD; 2016 Kia Forte5 SX 1.6T A/T
Gallery: 3
Mentioned: 7 Post(s)
Tagged: 0 Thread(s)
Quoted: 297 Post(s)
Garage

Quote:
Originally Posted by ron1004 View Post
Two days later I can't log on and find another password reset email - lets hope we don't have to do this every second day.
I got 2 emails too...


To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
USA - paid, repair manual

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
Canadian owner manuals (still free)

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
Europe - paid, repair manual

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.

Do you talk/text and drive? Watch it. Very interesting test:
To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
PLP is offline  
Reply

  Kia Forum > General > Kia-Forums.com Site Issues and Website Help



Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
User Tag List

Thread Tools
Show Printable Version Show Printable Version
Email this Page Email this Page
Display Modes
Linear Mode Linear Mode



Posting Rules  
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On