Attention - Password and Security Update - 2014+ Jeep Cherokee Forums
User Tag List

 24Likes
Reply
 
LinkBack Thread Tools
post #1 of 39 (permalink) Old 06-14-2016, 11:05 AM Thread Starter
Administrator
 
Aristo's Avatar
 
Join Date: Feb 2013
Posts: 173
Garage
Attention - Password and Security Update

Hello all,

Over the next few days we will be implementing some changes to our forum password strength and password expiration policies. To make sure you continue having the best experience possible on the community, we regularly monitor the site and the Internet to keep everyone's account information safe. We've recently become aware of a potential risk to some accounts coming from outside of this community. Just to be safe, we are implementing the following changes to improve security even further:

1) We are asking everyone to change their passwords (and will force a one time reset). Along with every user on the forum, new passwords will need to be more complex, and can't be simple words (sorry, you can't have "fluffy" as your password anymore!). Please use a password unique to this community. Reusing passwords can expose your account indirectly when other websites (Twitter, Linkedin, Badoo, etc) are compromised; and

2) Your passwords will expire on a 365 day basis. When you login on the 366th day, you will have to change it.

We'll also be sending out an email to users to let them know about the changes, in upcoming weeks.

Thanks all,

Helena

Community Management
thebige88, rumrunner and AGP like this.

Aristo is offline  
Sponsored Links
Advertisement
 
post #2 of 39 (permalink) Old 06-15-2016, 08:06 AM
Hardcore Member
 
IRSmart's Avatar
 
Join Date: Jan 2015
Posts: 744
Garage
I personally think this is a terrible idea. This site isn't exactly a bank website, you don't have any sensitive information on us. If someone on here has a weak password, that's on them. But don't penalize the masses and make us choose non-conventional passwords just because you think you're doing good by the members. Just my two cents.
IRSmart is offline  
post #3 of 39 (permalink) Old 06-15-2016, 08:14 AM
Moderator
 
Join Date: Dec 2014
Location: NOVA (Ashburn), VA
Posts: 2,212
Garage
Quote:
Originally Posted by IRSmart View Post
I personally think this is a terrible idea. This site isn't exactly a bank website, you don't have any sensitive information on us. If someone on here has a weak password, that's on them. But don't penalize the masses and make us choose non-conventional passwords just because you think you're doing good by the members. Just my two cents.
That's an intriguing comment based on your username.

I wouldn't be too worried about somebody guessing or brute-forcing my password on a community forum. The larger problem, however, is that there is a strong tendency for password re-use. If "fluffy" gets exposed as a password on this (or any other size) and "you" use the same password on your banking site, there isn't much of a leap to watching your account get emptied. Combine that with the also increasing trend to use e-mail address as an authenticator, and the only thing that's protecting your information is a strong password.

FTR; all of my passwords are at *least* 10 characters long, mixed-case, alphanumeric + special, and aren't re-used. I use an encrypted password safe with a passphrase to keep track of them. I also own my own domains, so I use a different email address for every site/account, which strengthens the authenticator.

https://www.entrepreneur.com/article/246902

If you want to dig into the muck, there is a much more detailed article based on real-life example at https://nakedsecurity.sophos.com/201...aphic-blunder/
Bruno, Edward and sgrim like this.

'15 Deep Cherry Red TH w/Brown Interior. 3.2L V-6
Safety-Tec, Cold Weather, Technology, Comfort, Tow, Leather.
Gobi Stealth roof rack with ladder.
My testing platform for electronics/telemetry experimenting.

Last edited by Rojhan; 06-15-2016 at 08:19 AM.
Rojhan is offline  
 
post #4 of 39 (permalink) Old 06-15-2016, 10:48 AM
Forum Elder
 
Array's Avatar
 
Join Date: Jan 2014
Location: SE Michigan
Posts: 4,440
Using an encrypted cloud-based password manager that provides cross-device support (e.g. PC, tablet, Phone, etc.) takes the pain out of using gnarly passwords and changing them.
Rojhan, CaliEcoGreen and sgrim like this.
Array is offline  
post #5 of 39 (permalink) Old 06-15-2016, 11:00 AM
Moderator
 
Join Date: Dec 2014
Location: NOVA (Ashburn), VA
Posts: 2,212
Garage
Quote:
Originally Posted by Array View Post
Using an encrypted cloud-based password manager that provides cross-device support (e.g. PC, tablet, Phone, etc.) takes the pain out of using gnarly passwords and changing them.
The cloud is awesome... when used properly. The safe I use stores the encrypted content on a choice of cloud providers. The en-/de-cryption is done on the device not as a cloud service (just cloud storage).

'15 Deep Cherry Red TH w/Brown Interior. 3.2L V-6
Safety-Tec, Cold Weather, Technology, Comfort, Tow, Leather.
Gobi Stealth roof rack with ladder.
My testing platform for electronics/telemetry experimenting.
Rojhan is offline  
post #6 of 39 (permalink) Old 06-15-2016, 11:12 AM
Forum Elder
 
Array's Avatar
 
Join Date: Jan 2014
Location: SE Michigan
Posts: 4,440
Quote:
Originally Posted by Rojhan View Post
The cloud is awesome... when used properly. The safe I use stores the encrypted content on a choice of cloud providers. The en-/de-cryption is done on the device not as a cloud service (just cloud storage).
Which product are you using?

2015 White/Black Limited | 3.2-L V6 | Active Drive II | Tech Grp | Lux Grp | Trailer Tow Grp | SafetyTec | Uconect 8.4AN | 9 Speakers | Tonneau Cover | Born 09-06-14 : (( (( (( (( (( (( (( :
Array is offline  
post #7 of 39 (permalink) Old 06-15-2016, 11:31 AM
Moderator
 
Join Date: Dec 2014
Location: NOVA (Ashburn), VA
Posts: 2,212
Garage
Quote:
Originally Posted by Array View Post
Which product are you using?
https://www.safe-in-cloud.com/en/

Android, IOS, Mac, and Windows.

My wife and I have a shared cloud storage account (in addition to our personal accounts). Cloud sync means that any updates either one of us make are immediately visible to the other. Passwords, calendar, notes, ... It's awesome for old, feeble, forgetful folks like us.
Array and sgrim like this.

'15 Deep Cherry Red TH w/Brown Interior. 3.2L V-6
Safety-Tec, Cold Weather, Technology, Comfort, Tow, Leather.
Gobi Stealth roof rack with ladder.
My testing platform for electronics/telemetry experimenting.
Rojhan is offline  
post #8 of 39 (permalink) Old 06-15-2016, 11:47 AM
Hardcore Member
 
Racenut's Avatar
 
Join Date: Mar 2014
Location: Santa Cruz, Ca
Posts: 639
Garage
I don't suppose this has anything to do with this bit of news that just dropped?

http://jalopnik.com/45-million-accou...ium=socialflow
sgrim likes this.

I was a good kid, now I'm making up for it....
Racenut is offline  
post #9 of 39 (permalink) Old 06-15-2016, 03:28 PM
Administrator
 
VS-Admin's Avatar
 
Join Date: Sep 2013
Posts: 399
Garage
hey there,

The article fails to mention that the breach was for a third party plugin. This breach is on countless sites across the internet and not just limited to ours.

We cleared our part of the breach and went this route to further security. This is also in place as many members on the internet use the same or similar passwords across all things they use.

We cannot go into detail at the moment as it is being dealt with on a legal level.

Thanks,

~Shane

Test
VS-Admin is offline  
post #10 of 39 (permalink) Old 06-15-2016, 04:31 PM
Forum Elder
 
Array's Avatar
 
Join Date: Jan 2014
Location: SE Michigan
Posts: 4,440
Yep, https://www.leakedsource.com/ shows my email account name stolen from VerticalScope Network (Vbulletin) twice on 2016-02-01. My guess is JCC & Tundra Solutions. Fortunately it's my garbage account.

2015 White/Black Limited | 3.2-L V6 | Active Drive II | Tech Grp | Lux Grp | Trailer Tow Grp | SafetyTec | Uconect 8.4AN | 9 Speakers | Tonneau Cover | Born 09-06-14 : (( (( (( (( (( (( (( :

Last edited by Array; 06-15-2016 at 05:13 PM.
Array is offline  
Reply

Quick Reply
Message:
Options

Register Now



In order to be able to post messages on the 2014+ Jeep Cherokee Forums forums, you must first register.
Please enter your desired user name, your email address and other required details in the form below.

User Name:
Password
Please enter a password for your user account. Note that passwords are case-sensitive.

Password:


Confirm Password:
Email Address
Please enter a valid email address for yourself.

Email Address:
OR

Log-in









Human Verification

In order to verify that you are a human and not a spam bot, please enter the answer into the following box below based on the instructions contained in the graphic.



Thread Tools
Show Printable Version Show Printable Version
Email this Page Email this Page



  Similar Threads
Thread Thread Starter Forum Replies Last Post
Attention someone in Utah! csmithEOD Exterior 0 07-13-2014 11:55 AM
lost password Gator Jeepcherokeeclub.com Site Help 6 12-11-2013 01:40 AM

Posting Rules  
You may post new threads
You may post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On