Mazda CX-3 Forum banner

1 - 10 of 10 Posts

·
Administrator
Joined
·
140 Posts
Discussion Starter #1
Hello all,

Over the next few days we will be implementing some changes to our forum password strength and password expiration policies. To make sure you continue having the best experience possible on the community, we regularly monitor the site and the Internet to keep everyone's account information safe. We've recently become aware of a potential risk to some accounts coming from outside of this community. Just to be safe, we are implementing the following changes to improve security even further:

1) We are asking everyone to change their passwords (and will force a one time reset). Along with every user on the forum, new passwords will need to be more complex, and can't be simple words (sorry, you can't have "fluffy" as your password anymore!). Please use a password unique to this community. Reusing passwords can expose your account indirectly when other websites (Twitter, Linkedin, Badoo, etc) are compromised; and

2) Your passwords will expire on a 365 day basis. When you login on the 366th day, you will have to change it.

We'll also be sending out an email to users to let them know about the changes, in upcoming weeks.

Thanks all,

Helena

Community Management
 

·
Registered
Joined
·
6 Posts
I am all for high security, when necessary. However I think many users will agree with me that the new password requirements are a little too stringent. My passwords at work (in high security medical records type systems) don't even have to be this complex. I suggest at the very least making the requirement closer to 7 characters. 10 is a lot, especially for an internet forum with no real sensitive information.
 

·
Super Moderator
Joined
·
2,078 Posts
I'm not an expert but doesn't having a complex password reduce the chance of them hacking your computer?
 

·
Registered
Joined
·
166 Posts
I'm not an expert but doesn't having a complex password reduce the chance of them hacking your computer?
They can hack the site but it has nothing to with your home computer.If you have personal information on the site like a credit card number or a SS number then that is a different story.
If someone really wanted to hack this site it could be done easily by a hacker.
They could also use your password to put on spam or just post BS.
 

·
Registered
Joined
·
327 Posts
I use my facebook account to login. I haven't the faintest idea what my password is on this site. The user control panel requires that I enter my current password before I'm allowed to change it. Kinda hard to do when I don't know what that password is.
 

·
Registered
Joined
·
893 Posts
lol you guys think this requirement is complex? It's nothing really. Anyway, I recommend everyone use a password manager like LastPass, they're good, secure, and help you create new passwords for any website so that you don't reuse the same password over and over again. Also, you only have to remember one master password, and you can set up 2-factor authentication for added security.
 

·
Registered
Joined
·
221 Posts
I use my facebook account to login. I haven't the faintest idea what my password is on this site. The user control panel requires that I enter my current password before I'm allowed to change it. Kinda hard to do when I don't know what that password is.
If you've forgotten your password, it's probably best to request a password reset. This can be done by going to the following site :-

Mazda CX3 Forum - Lost Password Recovery Form

and entering the information requested. You'll be sent an e-mail to the address you enter, along with a temporary password and a reset password link. Click on that link and then create your new minimum 10 char password following the requirements shown below the password box. Confirm the new password and also enter the temporary one supplied in the e-mail. Hopefully will then be logged on succesfully.

I did find I couldn't then log on again using the new password I'd created but followed the above procedure again and has been fine since.
 

·
Administrator
Joined
·
140 Posts
Discussion Starter #9
Hey guys,

I apologize for the lack of contact form us.
We are swamped with many sites, though that is no excuse.

I just want to post here to shed a little more light on the situation, at least as much as we can provide at the moment.

A 3rd party plugin that we and other networks use had it's developers' compromised. Their DB was breached and data was scraped. I can't ID the plugin as it's under legal investigation. However I can say that it had access to user data because it functions separately from the vb software. Many plugins do this, chats, news letters, mobile apps etc. This is not an active breach, however as a precaution we did initiate security updates including password changes and new pass requirements.

Their system was compromised and they grabbed user data for us and thousands of others.
We cleared our part of the breach and went this route to further security.
This is also in place as many members on the internet use the same or similar passwords across all things they use.

Hackers who have access to these accounts, may be able to access other platforms where the same email and/or passwords are used.
Other platforms have been compromised as well, including Twitter, Linkedin etc. We are just trying to get ahead of this, and nip it in the bud as soon as possible.

We cannot go into detail at the moment as it is being dealt with on a legal level.

Though this breech happened in Feb, we were not notified until very recently. We worked hard to find a solution for this mess, and acted on it. Though it may not be ideal in some eyes, it is the best we have access to ATM.
Once the storm settles we may look into other methods for our security, but right now we ask that you be patient with us.

As for us not responding to members, you have to understand our community support team watches over many sites. Luckily this week and last, we have had many members from other teams offer help. With that said all emails sent to our Contact Us email will be dealt with. Granted, it may take a little time for us to get to all of them, but please be patient with us as we are working really hard to catch up and help everyone.

If there are any other questions/concerns/feedback, please feel free to post them here.

Thank you for your patience and understanding,

Richard.
 

·
Registered
Joined
·
450 Posts
It is probably a good idea to get a password manager (I use 1Password for the Mac). When you use it, it will store all the passwords that you use so all you need is one password that will unlock the password manager and you have access to all the different passwords that you use. It will insert the correct password for the different web sites automatically. But you need to make the one password for the manager as complex and hard to break as possible since it is all that stands guard over the other passwords. It is available for both the Mac and iOS systems.
 
1 - 10 of 10 Posts
Top