PA Password Resets - Good idea here?

[ChiFlyer]

@tommy dee, @Stillearly and other admins.

I believe that a significant percentage of the 24x7 BMs are also PA BMs. PA is requiring that their members reset their passwords due to an increase in recent hacks and other security concerns. I believe that I have read that PA and 24x7 are sister brother organizations and there is some overlap with regard to tech support.

I am not advocating to do the password reset process at 24x7, but I wonder if it makes some sense.

• 24x7 has a smaller user base, who tend not to be the same type of young Turks that make up much of the larger community at PA. Assumption is that young Turks tend to engage in more dangerous internet activities (security wise) that might lead to hacks etc.
• At the same time 24x7 could be regarded as a prurient interest site that could attract hackers for various reasons, especially since our fraternal organization has obviously been hacked.

I am not advocating one way or the other, just looking for others opinions. I do not want to push for what might be useless work by anyone.

tia,

CF

Edited March 15 by ChiFlyer

[Krapow]

@Stillearly's an Admin, Jesus Christ we're doomed now I tells ya!

I don't see any need or issue with password changes here TBH.

If people want to change their password they can, at any time. I'm fine with mine. 

I personally don't use PA, I don't use any other Thai forum but this one. 

[Nightcrawler]

10 minutes ago, ChiFlyer said:

@tommy dee, @Stillearly and other admins.

I believe that a significant percentage of the 24x7 BMs are also PA BMs. PA is requiring that their members reset their passwords due to an increase in recent hacks and other security concerns. I believe that I have read that PA and 24x7 are sister brother organizations and there is some overlap with regard to tech support.

I am not advocating to do the password reset process at 24x7, but I wonder if it makes some sense.

• 24x7 has a smaller user base, who tend not to be the same type of young Turks that make up much of the larger community at PA. Assumption is that young Turks tend to engage in more dangerous internet activities (security wise) that might lead to hacks etc.
• At the same time 24x7 could be regarded as a prurient interest site that could attract hackers for various reasons, especially since our fraternal organization has obviously been hacked.

I am not advocating one way or the other, just looking for others opinions. I do not want to push for what might be useless work by anyone.

tia,

CF

I wasn't aware that Stillearly was Admin here. I would have no objection if he were, but would not like to be last to know😄

I personally don't think there is any reason at present for members to change their passwords. As far as I aware, we have never been hacked. 

Whatever PA may decide to is up to them. 

[ChiFlyer]

Just now, Nightcrawler said:

I wasn't aware that Stillearly was Admin here. I would have no objection if he were, but would not like to be last to know😄

I personally don't think there is any reason at present for members to change their passwords. As far as I aware, we have never been hacked. 

The @Stillearly promotion was obviously my misunderstanding. All apologies, especially to @Stillearly who is probably not looking for additional work. 🙂

I think I will change my password, just to feed my security paranoia, which has benefited me a few times.

[boydeste]

As previously said, if you feel the need to change your password, it is easy to do yourself. 

I personally hate password change enforcement,  because I then have to remember what I changed it to.

Was my biggest hate in my last job, where due to the security access risk, we had to change it every month on 3 different systems and you can't reuse a previous one.

 

Edited March 15 by boydeste

[Nightcrawler]

Just now, boydeste said:

As previously said, if you feel the need to change your password, it is easy to do yourself. 

I personally hate password change enforcement,  because I then have to remember what I changed it too.

Was my biggest hate in my last job, where due to the security access risk, we had to change it every month on 3 different systems and you can't reuse a previous one.

 

Yes, it should be a voluntary issue rather than being enforced 

[boydeste]

As for @Stillearly being admin, he is probably choking on his cocktail right now reading this with the thought of going back to work. 

 

[ChiFlyer]

5 minutes ago, Nightcrawler said:

Yes, it should be a voluntary issue rather than being enforced 

Agreed and I have changed mine to a much stronger one.

[ChiFlyer]

9 minutes ago, boydeste said:

As previously said, if you feel the need to change your password, it is easy to do yourself. 

I personally hate password change enforcement,  because I then have to remember what I changed it to.

Was my biggest hate in my last job, where due to the security access risk, we had to change it every month on 3 different systems and you can't reuse a previous one.

 

I do not enjoy changing my passwords, but do so on a regular basis. I was a consultant for the US IRS for 5 years. The rules on password changes were insane, but it did goad me into developing a complex system of passwords that are memorable.

[Stillearly]

I just came out in a cold sweat  ... 😅

[Freee!!]

23 minutes ago, boydeste said:

As previously said, if you feel the need to change your password, it is easy to do yourself. 

I personally hate password change enforcement,  because I then have to remember what I changed it to.

Was my biggest hate in my last job, where due to the security access risk, we had to change it every month on 3 different systems and you can't reuse a previous one.

That password change policy is against NIST guidelines as it leads to passwords that are easier to remember and as such easier to crack.

Quote

The password requirement basics under the updated NIST SP 800-63-3 guidelines are:

• Length—8-64 characters are recommended.
• Character types—Nonstandard characters, such as emoticons, are allowed when possible.
• Construction—Long passphrases are encouraged. They must not match entries in the prohibited password dictionary.
• Reset—Required only if the password is compromised or forgotten.
• Multifactor—Encouraged in all but the least sensitive applications.

https://www.isaca.org/resources/isaca-journal/issues/2019/volume-1/nists-new-password-rule-book-updated-guidelines-offer-benefits-and-risk

Edited March 15 by Freee!!
Removal of external link in text

[Krapow]

Anyone that hacked my 24/7 account would get nothing more than loads of PM's from @Lemondropkid of ladyboys in various states of undress.

Then loads of PM's from me back saying what he does in Hua Hin is up to him, but if he doesn't stop sending the naked pics i'm getting the Police involved.

Apart from that, there's a lot more for a hacker to look at or steal!

I'm sure Lemons would send pics of latest ladyboy squeezes to whomever anyway ...

[Lemondropkid]

7 hours ago, Krapow said:

Anyone that hacked my 24/7 account would get nothing more than loads of PM's from @Lemondropkid of ladyboys in various states of undress.

Then loads of PM's from me back saying what he does in Hua Hin is up to him, but if he doesn't stop sending the naked pics i'm getting the Police involved.

Apart from that, there's a lot more for a hacker to look at or steal!

I'm sure Lemons would send pics of latest ladyboy squeezes to whomever anyway ...

You Sir will be hearing from solicitors (Sue, Grabbit & Run) after this shocking libel.

I shall ask them to show a little mercy as your imagination is running wild ahead of your bi-annual furtive Boystown trip.

Poor Mr's Krapow clueless as to the cesspit of sleaze and degradation you'll be wallowing in. Thinking how nice it will be for you to have the  latest Ranger's shirt from Tony's Candy Shop.

Heartbreaking- I shall pray for your sanity on Sunday. We are all clean-living, churchgoers here in Hua Hin🙏

[forcebwithu]

I believe the password reset on PA was in response to a few dormant accounts getting hacked. It was noticeable because there were spam posts from BM's who had many legitimate prior posts, but hadn't posted in several years before the spam posts started turning up. That doesn't appear to be an issue on 247, so no real reason to force BM's here to reset their passwords.

[fygjam]

Years ago while working in IT, one particular client had a strict reset passwords monthly policy.

The result, many desks with Post-it notes with the current password of the desk occupier.

 

[ChiFlyer]

For me the downside of a hack is not necessarily the data immediately being accessed, but the chance that there is some additional personal info obtained that could be used as part of building an identity theft attack.

[Trip]

4 hours ago, ChiFlyer said:

For me the downside of a hack is not necessarily the data immediately being accessed, but the chance that there is some additional personal info obtained that could be used as part of building an identity theft attack.

Yep, it is disturbing what someone can do with just an email address. It's important to have separate email addresses for financial v. social media accounts ... and different passwords. Plenty of YT videos about it.

[Krapow]

7 hours ago, Lemondropkid said:

You Sir will be hearing from solicitors (Sue, Grabbit & Run) after this shocking libel.

I shall ask them to show a little mercy as your imagination is running wild ahead of your bi-annual furtive Boystown trip.

Poor Mr's Krapow clueless as to the cesspit of sleaze and degradation you'll be wallowing in. Thinking how nice it will be for you to have the  latest Ranger's shirt from Tony's Candy Shop.

Heartbreaking- I shall pray for your sanity on Sunday. We are all clean-living, churchgoers here in Hua Hin🙏

 

[Proffesor]

O.K. I admit to being a computer illiterate, but . . . . 

When I go to P.A. I get a banner saying "Change your Passwords via your registered email address ". So I click on that and get a message saying to check my email.

Do that and find "Click the link below to verify your email". So I click on that and get "Change your passwords please via your registered email address"

How am I supposed to do that ?

It's almost as if they're trying to cull the heard by making it so difficult to achieve re-registration.

 

 

[thegrogmonster]

17 minutes ago, Proffesor said:

O.K. I admit to being a computer illiterate, but . . . . 

When I go to P.A. I get a banner saying "Change your Passwords via your registered email address ". So I click on that and get a message saying to check my email.

Do that and find "Click the link below to verify your email". So I click on that and get "Change your passwords please via your registered email address"

How am I supposed to do that ?

It's almost as if they're trying to cull the heard by making it so difficult to achieve re-registration.

 

 

Did yo get an email from PA? If so scroll down to the bottom of the email and there should be a link there that takes you to the forum to reset your password.

[forcebwithu]

1 hour ago, Proffesor said:

O.K. I admit to being a computer illiterate, but . . . . 

When I go to P.A. I get a banner saying "Change your Passwords via your registered email address ". So I click on that and get a message saying to check my email.

Do that and find "Click the link below to verify your email". So I click on that and get "Change your passwords please via your registered email address"

How am I supposed to do that ?

It's almost as if they're trying to cull the heard by making it so difficult to achieve re-registration.

That sounds different from the email I received. Below is a screenshot of what I received. When I clicked on the Set Password button it took me to a PA reset password screen. There I entered a new password twice and I was back on PA.

If this doesn't help, send me a PM with your Addicts board name and your email address. I'll send that on to the Addicts mods who can then help you with getting your password reset.

[Stillearly]

^ Mine was in my junk folder 

[ChiFlyer]

My experience was very much like what FBW described. It took a couple of minutes and I was on my way again.

[Proffesor]

Click on "Verify Your Email"

[Scottie]

I still can,t get into my account.