Attention - Password and Security Update
OpelGT.com is the premier Opel GT Forum on the internet. Registered Users do not see the above ads.
Page 1 of 4 1234 LastLast
Results 1 to 20 of 73
Like Tree29Likes

Thread: Attention - Password and Security Update

  1. #1
    Administrator AGadmin's Avatar
    Join Date
    May 2011
    Posts
    338
    Downloads
    0
    Uploads
    0

    Attention - Password and Security Update

    Hello all,

    Over the next few days we will be implementing some changes to our forum password strength and password expiration policies. To make sure you continue having the best experience possible on the community, we regularly monitor the site and the Internet to keep everyone's account information safe. We've recently become aware of a potential risk to some accounts coming from outside of this community. Just to be safe, we are implementing the following changes to improve security even further:

    1) We are asking everyone to change their passwords (and will force a one time reset). Along with every user on the forum, new passwords will need to be more complex, and can't be simple words (sorry, you can't have "fluffy" as your password anymore!). Please use a password unique to this community. Reusing passwords can expose your account indirectly when other websites (Twitter, Linkedin, Badoo, etc) are compromised; and

    2) Your passwords will expire on a 365 day basis. When you login on the 366th day, you will have to change it.

    We'll also be sending out an email to users to let them know about the changes, in upcoming weeks.

    Thanks all,

    Helena

    Community Management
    The Scifi Guy likes this.

  2. Remove Advertisements
    OpelGT.com
    Advertisements
     

  3. #2
    Über Genius My location First opel 1981's Avatar
    Join Date
    Apr 2003
    Location
    Portland, Oregon
    Posts
    6,548
    Downloads
    0
    Uploads
    0
    Thanks.

    Just what I wanted to do is to change my saved passwords on 4 different devices to something I will probably forget.

    I've had the same 6 letter password on Ebay for 14 years with no problems...
    Opel GTs are not GM products
    ̶—̶̶̶̶̶̶̶—̶̶̶̶̶̶̶—̶̶̶̶̶̶̶—̶̶̶̶̶̶̶—̶̶̶̶̶̶̶—̶̶̶̶̶̶̶— ̶̶̶̶̶̶̶—̶̶̶̶̶̶̶—̶̶̶̶̶̶̶—̶̶̶̶̶̶̶—̶̶̶̶̶̶̶—̶̶̶̶̶̶̶—̶̶ ̶̶̶̶̶—̶̶̶̶̶̶̶—̶̶̶̶̶̶̶—̶̶̶̶̶̶̶—̶̶̶̶̶̶̶—̶̶̶̶̶̶̶—̶̶̶̶ ̶̶̶—̶̶̶̶̶̶̶—̶̶̶̶̶̶̶—
    Humans are not an endangered species!
    ̶—̶̶̶̶̶̶̶—̶̶̶̶̶̶̶—̶̶̶̶̶̶̶—̶̶̶̶̶̶̶—̶̶̶̶̶̶̶—̶̶̶̶̶̶̶— ̶̶̶̶̶̶̶—̶̶̶̶̶̶̶—̶̶̶̶̶̶̶—̶̶̶̶̶̶̶—̶̶̶̶̶̶̶—̶̶̶̶̶̶̶—̶̶ ̶̶̶̶̶—̶̶̶̶̶̶̶—̶̶̶̶̶̶̶—̶̶̶̶̶̶̶—̶̶̶̶̶̶̶—̶̶̶̶̶̶̶—̶̶̶̶ ̶̶̶—̶̶̶̶̶̶̶—̶̶̶̶̶̶̶—

  4. #3
    Owner of EZ2Wire.com My location GoinManta's Avatar
    Join Date
    Mar 2002
    Location
    Midlothian, Virginia, United States
    Posts
    6,754
    Real Name
    Charles Goin
    Downloads
    5
    Uploads
    0
    I already have a simple password for websites I dont care if they ever get hacked.

    This is not needed in this kind of forum. Its just one more level of passwords I will forget.
    Aardvaark (R.I.P.) likes this.
    CURRENT
    '71 Opel Kadett 4 Door 36D (2.0 L w/ EFI & Auto) - "Mary Ann"
    '74 Opel Manta - "Barbara"
    '72 Opel GT - "Ginger"
    '05 Pontiac GTO

    In the past owned:
    '04 & 06 Pontiac GTO
    2 Bitters (#491/#439)
    '73 Commodore GS
    ATLAS ( 74 Manta w/ 2.8L LK5 )
    & many other Opels

  5. Remove Advertisements
    OpelGT.com
    Advertisements
     

  6. #4
    1000 Post Club kwschumm's Avatar
    Join Date
    Nov 2009
    Location
    Pacific NW
    Posts
    1,083
    Downloads
    1
    Uploads
    0
    Quote Originally Posted by GoinManta View Post
    I already have a simple password for websites I dont care if they ever get hacked.

    This is not needed in this kind of forum. Its just one more level of passwords I will forget.
    Exactly. I have no personal information on this site to care about being hacked and stolen. No address, phone number, credit card number, etc. It seems like most anything about any member is available by logging in. What am I missing?
    Thurston County, WA, effective motto: "Gophers, Gophers Über Alles"

  7. #5
    Opelnut opelnut_1's Avatar
    Join Date
    Apr 2003
    Location
    Colorado
    Posts
    772
    Downloads
    3
    Uploads
    0
    is this an option? I for one agree with all that has been said about not needing the complex password that will expire an need to be changed so that even I wont remember it when a new device comes my way or an old one needs reset
    My Collection:
    69 Opel GT (Mystery Car)
    70 Opel Gt (First car)
    72 Opel Gt (Mostly Stock)
    87 Volvo 240 (Daily Driver)
    07 Volvo S60 (Daily Driver soon)
    07 CBR 1000rr (SPEED FIX Machine)
    65 F250 (for parts haulin)
    65 Fastback Stang (Sleeping Till Gt is back on the Road)

    87 & 88 Ysr 50 (street legal pocket bikes)

  8. #6
    Opel Intern Swiftus's Avatar
    Join Date
    Aug 2008
    Location
    Corvallis, Oregon
    Posts
    1,194
    Real Name
    Jay Swift
    Downloads
    0
    Uploads
    0

    Praise XKCD

    Anyone who enjoys science and technology probably has a favorite XKCD comic.

    This just so happens to be mine.

  9. #7
    Member Timbo's Avatar
    Join Date
    Feb 2012
    Location
    Auburn, NH
    Posts
    411
    Real Name
    Tim
    Downloads
    0
    Uploads
    0
    This is an issue only because people use the same password for all of their accounts. So although this site may not contain vital information, your password may open the door to a more critical account. It is a pain although once-a-year changes are somewhat relaxed from what I've had to deal with on accounts that require changing every 90 days, but overall security is an issue. What ends up happening is everyone has the list with their passwords on it sitting on the desk or in the drawer, which in itself is not a secure approach but there is no way to remember them all. I used to use the same password and change the number at the end, which did work and I only had to keep track of the number.
    jlthunder likes this.

  10. #8
    Opelitis afflicted My location charlie1966's Avatar
    Join Date
    Apr 2007
    Location
    Ireland
    Posts
    431
    Downloads
    0
    Uploads
    0
    A bit more information from management is required to get me onside with this, please.
    This is a public forum, I post way more personal information that any hacker could get from having my password for a non critical site.
    "You can't fix stupid, but stupid eventually fixes itself." -Issac T.

  11. #9
    1000 Post Club kwschumm's Avatar
    Join Date
    Nov 2009
    Location
    Pacific NW
    Posts
    1,083
    Downloads
    1
    Uploads
    0
    Quote Originally Posted by Timbo View Post
    This is an issue only because people use the same password for all of their accounts. So although this site may not contain vital information, your password may open the door to a more critical account. It is a pain although once-a-year changes are somewhat relaxed from what I've had to deal with on accounts that require changing every 90 days, but overall security is an issue. What ends up happening is everyone has the list with their passwords on it sitting on the desk or in the drawer, which in itself is not a secure approach but there is no way to remember them all. I used to use the same password and change the number at the end, which did work and I only had to keep track of the number.
    These days everyone should be using a password tracker (like lastpass), and complex long passwords with numbers, symbols and case differences. There is no excuse for using the same password everywhere. One day we'll get serious about security and use biometrics.
    Thurston County, WA, effective motto: "Gophers, Gophers Über Alles"

  12. #10
    ggl
    ggl is offline
    2000 Post Club ggl's Avatar
    Join Date
    Dec 2008
    Location
    Norway
    Posts
    2,602
    Real Name
    Goy Larsen
    Downloads
    0
    Uploads
    0
    Quote Originally Posted by Timbo View Post
    What ends up happening is everyone has the list with their passwords on it sitting on the desk or in the drawer, which in itself is not a secure approach but there is no way to remember them all.
    Actually that's no longer considered to be much of a security risk, the people braking into your house are unlikely to be looking for your passwords, they're looking for your flat screen TV, stereo or whatever, just don't put it on a post-it sticker on your monitor so it gets stolen along with your computer.

    In fact you'll find security consultants that tells people to write down their long and complex passwords as it's a good trade off vs shorter and easy to remember (and crack) passwords.

    Oh, and by writing them down we mean the good old analogue pencil and paper way, not "notepad" or "post-it for Windows". I once worked on a customer's computer that had a notepad file on his desktop named "passwords.txt", because then it was easy to copy and paste the passwords he needed.......
    okieopel likes this.
    "I hate RallyBob"


  13. #11
    Member Timbo's Avatar
    Join Date
    Feb 2012
    Location
    Auburn, NH
    Posts
    411
    Real Name
    Tim
    Downloads
    0
    Uploads
    0
    Quote Originally Posted by ggl View Post
    Actually that's no longer considered to be much of a security risk, the people braking into your house are unlikely to be looking for your passwords, they're looking for your flat screen TV, stereo or whatever, just don't put it on a post-it sticker on your monitor so it gets stolen along with your computer.

    In fact you'll find security consultants that tells people to write down their long and complex passwords as it's a good trade off vs shorter and easy to remember (and crack) passwords.

    Oh, and by writing them down we mean the good old analogue pencil and paper way, not "notepad" or "post-it for Windows". I once worked on a customer's computer that had a notepad file on his desktop named "passwords.txt", because then it was easy to copy and paste the passwords he needed.......
    Well if you put the paper with all the passwords in a safe place, you might not remember where it is. Hell, I can see our list from here sitting in the living room. I agree that the guy breaking into your house is looking for quick cash or things that can be turned into cash quickly and guns.

    I'm on the board of a small association and we have a website. It is under constant attack from robots trying to break into the system. There is nothing to get from the site that you isn't readily available to a guest, but they keep trying.

  14. #12
    Opeler Yellow73GT's Avatar
    Join Date
    Apr 2003
    Location
    N.Dak.
    Posts
    950
    Real Name
    Chuck
    Downloads
    5
    Uploads
    0
    L a m e I am certain NO one here or anywhere would ever break my current password. So this is beyond lame. especially since I already use different COMPLEX passwords for every forum or service that I need one for. This just adds the complication of trying to remember what the hell I have changed it too way to frequently. Maybe I and others will just find it easier to frequent some "other" site, where this isn't being implemented.
    "Be Water, My Friend" Bruce Lee, December 9, 1971

  15. #13
    Über Genius My location First opel 1981's Avatar
    Join Date
    Apr 2003
    Location
    Portland, Oregon
    Posts
    6,548
    Downloads
    0
    Uploads
    0
    From my limited experience working closely with the IT industry (about 20 years now) I know that most of the time these situations come about because of one or both of two things.

    1) Someone got canned from the company
    2) Someone new was hired and, to convince their boss they are smart, they lay out a bunch of reasons that all the passwords need to be changed (citing security isn't very good).

    There's another, unrelated, thing the new IT guy will almost always do. They will start sighing and making other noises and then convince the boss (who is generally computer dumb) that the file structure is crap and will need to be completely redone.
    eaymon likes this.
    Opel GTs are not GM products
    ̶—̶̶̶̶̶̶̶—̶̶̶̶̶̶̶—̶̶̶̶̶̶̶—̶̶̶̶̶̶̶—̶̶̶̶̶̶̶—̶̶̶̶̶̶̶— ̶̶̶̶̶̶̶—̶̶̶̶̶̶̶—̶̶̶̶̶̶̶—̶̶̶̶̶̶̶—̶̶̶̶̶̶̶—̶̶̶̶̶̶̶—̶̶ ̶̶̶̶̶—̶̶̶̶̶̶̶—̶̶̶̶̶̶̶—̶̶̶̶̶̶̶—̶̶̶̶̶̶̶—̶̶̶̶̶̶̶—̶̶̶̶ ̶̶̶—̶̶̶̶̶̶̶—̶̶̶̶̶̶̶—
    Humans are not an endangered species!
    ̶—̶̶̶̶̶̶̶—̶̶̶̶̶̶̶—̶̶̶̶̶̶̶—̶̶̶̶̶̶̶—̶̶̶̶̶̶̶—̶̶̶̶̶̶̶— ̶̶̶̶̶̶̶—̶̶̶̶̶̶̶—̶̶̶̶̶̶̶—̶̶̶̶̶̶̶—̶̶̶̶̶̶̶—̶̶̶̶̶̶̶—̶̶ ̶̶̶̶̶—̶̶̶̶̶̶̶—̶̶̶̶̶̶̶—̶̶̶̶̶̶̶—̶̶̶̶̶̶̶—̶̶̶̶̶̶̶—̶̶̶̶ ̶̶̶—̶̶̶̶̶̶̶—̶̶̶̶̶̶̶—

  16. #14
    ggl
    ggl is offline
    2000 Post Club ggl's Avatar
    Join Date
    Dec 2008
    Location
    Norway
    Posts
    2,602
    Real Name
    Goy Larsen
    Downloads
    0
    Uploads
    0
    Quote Originally Posted by Timbo View Post
    I'm on the board of a small association and we have a website. It is under constant attack from robots trying to break into the system. There is nothing to get from the site that you isn't readily available to a guest, but they keep trying.
    Not surprised, they don't even look at what kind of site you're running. The fact that it's there is reason enough for them to shake the can and see what comes out of it. If you hit enough sites then you're bound to hit one sooner or later with poor security that's got something of value, they're just playing the numbers
    "I hate RallyBob"


  17. #15
    3000 Post Club My location m610's Avatar
    Join Date
    May 2010
    Location
    Davis, CA USA
    Posts
    3,025
    Real Name
    Mike Meier
    Downloads
    1
    Uploads
    0
    Being reported elsewhere, VerticalScope, who hosts many automotive sites/forums, was recently hacked.

    VerticalScope.com

    This site is not listed there, so I guess we are OK, but the admin's new policy makes sense in the light of this.

  18. #16
    Just Some Dude in Jersey My location The Scifi Guy's Avatar
    Join Date
    Nov 2007
    Location
    Cöllingswööd, NJ
    Posts
    9,707
    Real Name
    Gördö
    Downloads
    6
    Uploads
    0
    After a headline making breach of the Post Office's network about 6-9 months ago, we all had to switch to 16 character minumum passwords consisting of at least: 4 lower case, 4 capitals, 4 numbers, and/or 4 non-alphanumeric characters. And they only last 3 months and you have to make a new one. It requires 3 seperate logins for me to open the programs I need to do my job every day, each one different. The login only lasts for 10 minutes, if I don't wiggle the mouse or hit a key the login times out and I have to re-enter it. The one good thing is that, since I have to re-login about 15-20 times a day to check this website, I end up memorizing the new password pretty quickly(see the list below)

    I'm running out of Opel models and years to make passwords out of(1970OpelGTWow! ; 1969/70FlyingBANAna ; Carlisle2016WIN! ; '72RedBaronGT!?! ; 1812OpelGTXtreme ; 1776FORDmustang. ; etc.)

    broszzy2 likes this.

  19. #17
    Member Timbo's Avatar
    Join Date
    Feb 2012
    Location
    Auburn, NH
    Posts
    411
    Real Name
    Tim
    Downloads
    0
    Uploads
    0
    Quote Originally Posted by The Scifi Guy View Post
    After a headline making breach of the Post Office's network about 6-9 months ago, we all had to switch to 16 character minumum passwords consisting of at least: 4 lower case, 4 capitals, 4 numbers, and/or 4 non-alphanumeric characters. And they only last 3 months and you have to make a new one. It requires 3 seperate logins for me to open the programs I need to do my job every day, each one different. The login only lasts for 10 minutes, if I don't wiggle the mouse or hit a key the login times out and I have to re-enter it. The one good thing is that, since I have to re-login about 15-20 times a day to check this website, I end up memorizing the new password pretty quickly(see the list below)

    I'm running out of Opel models and years to make passwords out of(1970OpelGTWow! ; 1969/70FlyingBANAna ; Carlisle2016WIN! ; '72RedBaronGT!?! ; 1812OpelGTXtreme ; 1776FORDmustang. ; etc.)

    You just need to pick one with a number at the end and increment it every 3 months. Maybe :GTXcostToDate=+$00001 May need to add another zero.
    Last edited by Timbo; 06-15-2016 at 09:02 PM.
    Gary and The Scifi Guy like this.

  20. #18
    Administrator AGadmin's Avatar
    Join Date
    May 2011
    Posts
    338
    Downloads
    0
    Uploads
    0
    Quote Originally Posted by Timbo View Post
    You just need to pick one with a number at the end and increment it every 3 months. Maybe :GTXcostToDate=+$00001 May need to add another zero.
    These are good suggestions. Anything with capital letters, numbers and special characters make a password more secure.

    and 1776FordMustang? Back when horsepower was REAL horsepower!

    - JB

  21. #19
    Opel Intern Swiftus's Avatar
    Join Date
    Aug 2008
    Location
    Corvallis, Oregon
    Posts
    1,194
    Real Name
    Jay Swift
    Downloads
    0
    Uploads
    0
    Quote Originally Posted by AGadmin View Post
    These are good suggestions. Anything with capital letters, numbers and special characters make a password more secure...
    While technically true, a longer password makes for a more secure password exponentially whereas additional options per character merely scale the security.

    Lets take a simple example.

    If you start with a 4 character password with only lower case letters as possibilities, you have 26^4 possibilities, or 456,976 possibilities.

    Now say you allow capital letters, DOUBLING the number of choices per character. That's 52^4 possibilities, or 7,311,616 possibilities.

    If you were, however, to keep to just 26 lower case letters and instead double the number of character choices from 4 to 8, you now have 26^8 possibilities, or 208,827,064,576 possibilities.

    Doubling the length, rather than the complexity of a password in this short case makes it 28,561 TIMES more difficult to break the password. 5 orders of magnitude... 5.

    Additionally, in the perspective of how people remember things, it is easier for people to remember a set of characters rather than the specifics of how those characters are configured.

    How do you remember the Preamble to the US Consititution?

    'We the People of the United States, in order to form a more perfect union, establish justice, insure domestic tranquility, provide for the common defence, promote general welfare, and secure the blessings of liberty to ourselves and our posterity, do ordain and establish this Constitution for the United States of America.'

    Thats how I remember it. And in general, that totally makes sense if we as humans are communicating it between ourselves. We get the gist. How does it actually look?

    'We the People of the United States, in Order to form a more perfect Union, establish Justice, insure domestic Tranquility, provide for the common defence, promote general Welfare, and secure the Blessings of Liberty to ourselves and our Posterity, do ordain and establish this Constitution for the United States of America.'

    See all of the capital letters I missed in my rendition? A computer would tell me I was totally wrong and yet a person would have said I was right. If you constrain the passwords to fewer character choices but require a longer password, people are MORE likely to remember it and yet it still makes it waaaayyyy more difficult for a computer to guess it.

    All I am saying is don't require the use of every kind of character that can exist in a keyboard and instead just require long passwords. 12 charachters, 16 characters, whatever you deem necessary in length for the standard lowercase alphabet to be secure enough is fine with me.
    m610 likes this.

  22. #20
    1000 Post Club
    Join Date
    Mar 2012
    Location
    Scottsdale, Az
    Posts
    1,687
    Downloads
    1
    Uploads
    0
    Quote Originally Posted by Swiftus View Post
    While technically true, a longer password makes for a more secure password exponentially whereas additional options per character merely scale the security.

    Lets take a simple example.

    If you start with a 4 character password with only lower case letters as possibilities, you have 26^4 possibilities, or 456,976 possibilities.

    Now say you allow capital letters, DOUBLING the number of choices per character. That's 52^4 possibilities, or 7,311,616 possibilities.

    If you were, however, to keep to just 26 lower case letters and instead double the number of character choices from 4 to 8, you now have 26^8 possibilities, or 208,827,064,576 possibilities.

    Doubling the length, rather than the complexity of a password in this short case makes it 28,561 TIMES more difficult to break the password. 5 orders of magnitude... 5.

    Additionally, in the perspective of how people remember things, it is easier for people to remember a set of characters rather than the specifics of how those characters are configured.

    How do you remember the Preamble to the US Consititution?

    'We the People of the United States, in order to form a more perfect union, establish justice, insure domestic tranquility, provide for the common defence, promote general welfare, and secure the blessings of liberty to ourselves and our posterity, do ordain and establish this Constitution for the United States of America.'

    Thats how I remember it. And in general, that totally makes sense if we as humans are communicating it between ourselves. We get the gist. How does it actually look?

    'We the People of the United States, in Order to form a more perfect Union, establish Justice, insure domestic Tranquility, provide for the common defence, promote general Welfare, and secure the Blessings of Liberty to ourselves and our Posterity, do ordain and establish this Constitution for the United States of America.'

    See all of the capital letters I missed in my rendition? A computer would tell me I was totally wrong and yet a person would have said I was right. If you constrain the passwords to fewer character choices but require a longer password, people are MORE likely to remember it and yet it still makes it waaaayyyy more difficult for a computer to guess it.

    All I am saying is don't require the use of every kind of character that can exist in a keyboard and instead just require long passwords. 12 characters, 16 characters, whatever you deem necessary in length for the standard lowercase alphabet to be secure enough is fine with me.
    Jay, I think you are missing one IMPORTANT point! My password is already 8 characters and can already include both numbers and UPPER CASE characters which means it is 62^8 or approximately 218+ TRILLION combinations (or about 1000 times your lower case only, 8 character example). The question I think all are raising here is "How much more secure do we have to be?". Because you seem to be familiar with security issues, if I were using a good "search algorithm", how much longer would it be before my computer discovered your password
    with the 2 above examples. I'm guessing that the number would be on the order of 1000 times but have no idea of the actual magnitude. I've been wrong before, so correct me if I am again. JMHO -- Doug

Page 1 of 4 1234 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

    Similar Threads

    1. password protection
      By sawdust in forum Humor
      Replies: 6
      Last Post: 12-19-2012, 09:59 PM
    2. Longest password . . .
      By tekenaar in forum Humor
      Replies: 0
      Last Post: 03-25-2010, 11:52 AM
    3. Password . . .
      By tekenaar in forum Humor
      Replies: 0
      Last Post: 04-08-2005, 02:31 PM

    Bookmarks

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •