Password Security

This topic contains 17 replies, has 6 voices, and was last updated by  KitKatKitty 1 week ago.

Viewing 15 posts - 1 through 15 (of 18 total)
  • Author
    Posts
  • #215490

    I had a notification via email that someone tried to change my Female Forum user password twice. I don’t know why, but someone did.

    This is just a warning to everyone to be on their guard with passwords and whom they share them with. Use a strong password, bascially. Security online is crucial. I may never know who tried to hack my FF account, but they did try.

    Just a heads-up.

    #215503

    I got exactly the same thing.

     

    thanks for the warning

    #215508

    I got no such email.  Could this have possibly been a fake email, designed to take you to an impostor site?

    If not, let my question serve as a warning that such things do happen.  I get them all the time from impostors telling me that my Amazon Prime payment has been declined or some such nonsense to goad me into clicking a link to a fake website which will prompt me for my credentials.

    #215528

    I just receive the email myself…odd, for sure.

    #215542

    I have not looked but will do at some point. I do wonder when I occasionally notice a flood of new members who never seem to post anything. Some kind of automated hacking?

    #215553

    honestly, I have wondered about that myself too.

     

    but: I’d like to think that isn’t the case and that hackers arn’t welcome on here

    #215561

    I received another email saying someone tried to reset my password. But I have not fallen for it: TestDummyC opened my eyes to a potential scam. I won’t fall for it. And I’d advise anyone do the same. It could very well be a trick.

    Thank you, TestDummyC: your warning about a scam has saved my bacon. I hope it saves other users bacon, too.

    • This reply was modified 4 weeks ago by  KitKatKitty.
    #215570

    staff, do you have anything to say re: this post?

    #215602

    Kitty, I don’t think it’s a scam, per se.  I think, it’s an auto-generated message that goes out to anyone requesting a password change.  The email does say to ignore it if you didn’t request it.  Also, the email headers and links do point to this site.  Like others have said, I wonder if someone is trying to pwn us by requesting password changes sent to another email account.

    Here’s an interesting site that can be used to check your email account to see if you’ve been pwned:

    https://haveibeenpwned.com

    Just enter your email address, and it will tell you how many breached sites are associated with that email account.

    I just entered the email account I use for this site, and received the following message:

    Oh no — pwned!
    Pwned on 1 breached site and found no pastes (subscribe to search sensitive breaches)

     

    Clicking on “pastes” gives me the following definition:

    A “paste” is information that has been “pasted” to a publicly facing website designed to share content such as Pastebin. These services are favoured by hackers due to the ease of anonymously sharing information and they’re frequently the first place a breach appears.

    HIBP searches through pastes that are broadcast by the @dumpmon Twitter account and reported as having emails that are a potential indicator of a breach. Finding an email address in a paste does not immediately mean it has been disclosed as the result of a breach. Review the paste and determine if your account has been compromised then take appropriate action such as changing passwords.

    I’ll report this post to admin with the explanation that we have questions about this strange activity.

    • This reply was modified 4 weeks ago by  TestDummyCO.
    #215608

    I just conducted a test:

    I signed out, displayed the home page, entered my username, and selected “Forgot your password?”

    I was then prompted for a username or email address.

    1. If someone enters their own email address, and they’re not a member, the email address is invalid, and no email is sent.
    2. Any non-member can find our usernames on the home page. If someone does manage to enter one of our usernames, we receive  the aforementioned password change request notification.

    Either way, someone trying to hack our accounts will be unsuccessful.

    There must be something else generating these emails, as I received another one today (not the one I just generated).

    I’ve reported the thread, asking for Martin’s comment.

    1 member liked this post:
    #215760

    Thank you, TestDummyC.

    You’re a genius.

    #216537

    I am bumping this thread to the top

     

    this happened to me again, and I am no longer amused by it (33 password reset emails)

     

    the only way I can think of to stop these is to set myself as no mail on this site.

     

    but then I’ll miss out on new replies. sooooooo. I guess not

    1 member liked this post:
    #216566

    the only way I can think of to stop these is to set myself as no mail on this site.

    I don’t think that will work, anyhow.  The email settings appear to be about those notifications generated by forum participants and not those generated by password change requests.

    #216568

    I just check on the ‘view new posts’  on the ‘Forums’ tab when I log on. As I tend to visit daily it’s easier and there are longer time periods too.

    #216580

    thanks for the suggestion of the new post feature.

     

    I may start using that

Viewing 15 posts - 1 through 15 (of 18 total)

Get involved in this discussion! Log in or register now to have your say!