ChiFlyer Posted March 15 Share Posted March 15 (edited) @tommy dee, @Stillearly and other admins. I believe that a significant percentage of the 24x7 BMs are also PA BMs. PA is requiring that their members reset their passwords due to an increase in recent hacks and other security concerns. I believe that I have read that PA and 24x7 are sister brother organizations and there is some overlap with regard to tech support. I am not advocating to do the password reset process at 24x7, but I wonder if it makes some sense. 24x7 has a smaller user base, who tend not to be the same type of young Turks that make up much of the larger community at PA. Assumption is that young Turks tend to engage in more dangerous internet activities (security wise) that might lead to hacks etc. At the same time 24x7 could be regarded as a prurient interest site that could attract hackers for various reasons, especially since our fraternal organization has obviously been hacked. I am not advocating one way or the other, just looking for others opinions. I do not want to push for what might be useless work by anyone. tia, CF Edited March 15 by ChiFlyer 1 Link to comment Share on other sites More sharing options...
Krapow Posted March 15 Share Posted March 15 @Stillearly's an Admin, Jesus Christ we're doomed now I tells ya! I don't see any need or issue with password changes here TBH. If people want to change their password they can, at any time. I'm fine with mine. I personally don't use PA, I don't use any other Thai forum but this one. 1 4 1 Link to comment Share on other sites More sharing options...
Nightcrawler Posted March 15 Share Posted March 15 10 minutes ago, ChiFlyer said: @tommy dee, @Stillearly and other admins. I believe that a significant percentage of the 24x7 BMs are also PA BMs. PA is requiring that their members reset their passwords due to an increase in recent hacks and other security concerns. I believe that I have read that PA and 24x7 are sister brother organizations and there is some overlap with regard to tech support. I am not advocating to do the password reset process at 24x7, but I wonder if it makes some sense. 24x7 has a smaller user base, who tend not to be the same type of young Turks that make up much of the larger community at PA. Assumption is that young Turks tend to engage in more dangerous internet activities (security wise) that might lead to hacks etc. At the same time 24x7 could be regarded as a prurient interest site that could attract hackers for various reasons, especially since our fraternal organization has obviously been hacked. I am not advocating one way or the other, just looking for others opinions. I do not want to push for what might be useless work by anyone. tia, CF I wasn't aware that Stillearly was Admin here. I would have no objection if he were, but would not like to be last to know😄 I personally don't think there is any reason at present for members to change their passwords. As far as I aware, we have never been hacked. Whatever PA may decide to is up to them. 5 Link to comment Share on other sites More sharing options...
ChiFlyer Posted March 15 Author Share Posted March 15 Just now, Nightcrawler said: I wasn't aware that Stillearly was Admin here. I would have no objection if he were, but would not like to be last to know😄 I personally don't think there is any reason at present for members to change their passwords. As far as I aware, we have never been hacked. The @Stillearly promotion was obviously my misunderstanding. All apologies, especially to @Stillearly who is probably not looking for additional work. 🙂 I think I will change my password, just to feed my security paranoia, which has benefited me a few times. 2 Link to comment Share on other sites More sharing options...
boydeste Posted March 15 Share Posted March 15 (edited) As previously said, if you feel the need to change your password, it is easy to do yourself. I personally hate password change enforcement, because I then have to remember what I changed it to. Was my biggest hate in my last job, where due to the security access risk, we had to change it every month on 3 different systems and you can't reuse a previous one. Edited March 15 by boydeste 1 5 Link to comment Share on other sites More sharing options...
Nightcrawler Posted March 15 Share Posted March 15 Just now, boydeste said: As previously said, if you feel the need to change your password, it is easy to do yourself. I personally hate password change enforcement, because I then have to remember what I changed it too. Was my biggest hate in my last job, where due to the security access risk, we had to change it every month on 3 different systems and you can't reuse a previous one. Yes, it should be a voluntary issue rather than being enforced 2 Link to comment Share on other sites More sharing options...
boydeste Posted March 15 Share Posted March 15 As for @Stillearly being admin, he is probably choking on his cocktail right now reading this with the thought of going back to work. 6 Link to comment Share on other sites More sharing options...
ChiFlyer Posted March 15 Author Share Posted March 15 5 minutes ago, Nightcrawler said: Yes, it should be a voluntary issue rather than being enforced Agreed and I have changed mine to a much stronger one. Link to comment Share on other sites More sharing options...
ChiFlyer Posted March 15 Author Share Posted March 15 9 minutes ago, boydeste said: As previously said, if you feel the need to change your password, it is easy to do yourself. I personally hate password change enforcement, because I then have to remember what I changed it to. Was my biggest hate in my last job, where due to the security access risk, we had to change it every month on 3 different systems and you can't reuse a previous one. I do not enjoy changing my passwords, but do so on a regular basis. I was a consultant for the US IRS for 5 years. The rules on password changes were insane, but it did goad me into developing a complex system of passwords that are memorable. 1 Link to comment Share on other sites More sharing options...
Popular Post Stillearly Posted March 15 Popular Post Share Posted March 15 I just came out in a cold sweat ... 😅 1 8 Link to comment Share on other sites More sharing options...
Freee!! Posted March 15 Share Posted March 15 (edited) 23 minutes ago, boydeste said: As previously said, if you feel the need to change your password, it is easy to do yourself. I personally hate password change enforcement, because I then have to remember what I changed it to. Was my biggest hate in my last job, where due to the security access risk, we had to change it every month on 3 different systems and you can't reuse a previous one. That password change policy is against NIST guidelines as it leads to passwords that are easier to remember and as such easier to crack. Quote The password requirement basics under the updated NIST SP 800-63-3 guidelines are: Length—8-64 characters are recommended. Character types—Nonstandard characters, such as emoticons, are allowed when possible. Construction—Long passphrases are encouraged. They must not match entries in the prohibited password dictionary. Reset—Required only if the password is compromised or forgotten. Multifactor—Encouraged in all but the least sensitive applications. https://www.isaca.org/resources/isaca-journal/issues/2019/volume-1/nists-new-password-rule-book-updated-guidelines-offer-benefits-and-risk Edited March 15 by Freee!! Removal of external link in text 1 Link to comment Share on other sites More sharing options...
Krapow Posted March 15 Share Posted March 15 Anyone that hacked my 24/7 account would get nothing more than loads of PM's from @Lemondropkid of ladyboys in various states of undress. Then loads of PM's from me back saying what he does in Hua Hin is up to him, but if he doesn't stop sending the naked pics i'm getting the Police involved. Apart from that, there's a lot more for a hacker to look at or steal! I'm sure Lemons would send pics of latest ladyboy squeezes to whomever anyway ... 7 Link to comment Share on other sites More sharing options...
Popular Post Lemondropkid Posted March 16 Popular Post Share Posted March 16 7 hours ago, Krapow said: Anyone that hacked my 24/7 account would get nothing more than loads of PM's from @Lemondropkid of ladyboys in various states of undress. Then loads of PM's from me back saying what he does in Hua Hin is up to him, but if he doesn't stop sending the naked pics i'm getting the Police involved. Apart from that, there's a lot more for a hacker to look at or steal! I'm sure Lemons would send pics of latest ladyboy squeezes to whomever anyway ... You Sir will be hearing from solicitors (Sue, Grabbit & Run) after this shocking libel. I shall ask them to show a little mercy as your imagination is running wild ahead of your bi-annual furtive Boystown trip. Poor Mr's Krapow clueless as to the cesspit of sleaze and degradation you'll be wallowing in. Thinking how nice it will be for you to have the latest Ranger's shirt from Tony's Candy Shop. Heartbreaking- I shall pray for your sanity on Sunday. We are all clean-living, churchgoers here in Hua Hin🙏 9 Link to comment Share on other sites More sharing options...
forcebwithu Posted March 16 Share Posted March 16 I believe the password reset on PA was in response to a few dormant accounts getting hacked. It was noticeable because there were spam posts from BM's who had many legitimate prior posts, but hadn't posted in several years before the spam posts started turning up. That doesn't appear to be an issue on 247, so no real reason to force BM's here to reset their passwords. 3 2 2 Link to comment Share on other sites More sharing options...
Popular Post fygjam Posted March 16 Popular Post Share Posted March 16 Years ago while working in IT, one particular client had a strict reset passwords monthly policy. The result, many desks with Post-it notes with the current password of the desk occupier. 2 6 Link to comment Share on other sites More sharing options...
ChiFlyer Posted March 16 Author Share Posted March 16 For me the downside of a hack is not necessarily the data immediately being accessed, but the chance that there is some additional personal info obtained that could be used as part of building an identity theft attack. 1 Link to comment Share on other sites More sharing options...
Trip Posted March 16 Share Posted March 16 4 hours ago, ChiFlyer said: For me the downside of a hack is not necessarily the data immediately being accessed, but the chance that there is some additional personal info obtained that could be used as part of building an identity theft attack. Yep, it is disturbing what someone can do with just an email address. It's important to have separate email addresses for financial v. social media accounts ... and different passwords. Plenty of YT videos about it. 1 1 Link to comment Share on other sites More sharing options...
Krapow Posted March 16 Share Posted March 16 7 hours ago, Lemondropkid said: You Sir will be hearing from solicitors (Sue, Grabbit & Run) after this shocking libel. I shall ask them to show a little mercy as your imagination is running wild ahead of your bi-annual furtive Boystown trip. Poor Mr's Krapow clueless as to the cesspit of sleaze and degradation you'll be wallowing in. Thinking how nice it will be for you to have the latest Ranger's shirt from Tony's Candy Shop. Heartbreaking- I shall pray for your sanity on Sunday. We are all clean-living, churchgoers here in Hua Hin🙏 4 Link to comment Share on other sites More sharing options...
Proffesor Posted March 17 Share Posted March 17 O.K. I admit to being a computer illiterate, but . . . . When I go to P.A. I get a banner saying "Change your Passwords via your registered email address ". So I click on that and get a message saying to check my email. Do that and find "Click the link below to verify your email". So I click on that and get "Change your passwords please via your registered email address" How am I supposed to do that ? It's almost as if they're trying to cull the heard by making it so difficult to achieve re-registration. 2 Link to comment Share on other sites More sharing options...
thegrogmonster Posted March 17 Share Posted March 17 17 minutes ago, Proffesor said: O.K. I admit to being a computer illiterate, but . . . . When I go to P.A. I get a banner saying "Change your Passwords via your registered email address ". So I click on that and get a message saying to check my email. Do that and find "Click the link below to verify your email". So I click on that and get "Change your passwords please via your registered email address" How am I supposed to do that ? It's almost as if they're trying to cull the heard by making it so difficult to achieve re-registration. Did yo get an email from PA? If so scroll down to the bottom of the email and there should be a link there that takes you to the forum to reset your password. 2 Link to comment Share on other sites More sharing options...
forcebwithu Posted March 17 Share Posted March 17 1 hour ago, Proffesor said: O.K. I admit to being a computer illiterate, but . . . . When I go to P.A. I get a banner saying "Change your Passwords via your registered email address ". So I click on that and get a message saying to check my email. Do that and find "Click the link below to verify your email". So I click on that and get "Change your passwords please via your registered email address" How am I supposed to do that ? It's almost as if they're trying to cull the heard by making it so difficult to achieve re-registration. That sounds different from the email I received. Below is a screenshot of what I received. When I clicked on the Set Password button it took me to a PA reset password screen. There I entered a new password twice and I was back on PA. If this doesn't help, send me a PM with your Addicts board name and your email address. I'll send that on to the Addicts mods who can then help you with getting your password reset. 1 Link to comment Share on other sites More sharing options...
Stillearly Posted March 17 Share Posted March 17 ^ Mine was in my junk folder 1 Link to comment Share on other sites More sharing options...
ChiFlyer Posted March 17 Author Share Posted March 17 My experience was very much like what FBW described. It took a couple of minutes and I was on my way again. 1 Link to comment Share on other sites More sharing options...
Proffesor Posted March 18 Share Posted March 18 Click on "Verify Your Email" 1 Link to comment Share on other sites More sharing options...
Scottie Posted March 18 Share Posted March 18 I still can,t get into my account. 1 1 Link to comment Share on other sites More sharing options...
Recommended Posts