# Changed Passwod



## VegasN (Mar 14, 2016)

So, what's the deal with changing passwords without warning? I get an email stating my password has already been changed by administrator?


----------



## Big Ed (Jun 16, 2009)

VegasN said:


> So, what's the deal with changing passwords without warning? I get an email stating my password has already been changed by administrator?


Do you see the numerous threads on this subject?
One is a sticky thread.

Take your pick.


----------



## gunrunnerjohn (Nov 10, 2010)

Attention - Upcoming Password Changes


----------



## Shdwdrgn (Dec 23, 2014)

Yeah, I hate to say it, but until I received the email this morning I also had not noticed any of the other notes about it.


----------



## Stultus (Mar 24, 2014)

Isn't 10+ characters + a Capitol + a special character just a bit too much?

Really... that's a bit overkill - and I'm speaking as an IT professional.
For guarding credit card/SSN or other privacy important sites, sure... but not for model train stuff.

/the terrorists have won


----------



## gunrunnerjohn (Nov 10, 2010)

For you, maybe. However, many people have fallen into the habit of using the same password on multiple sites, so when a password gets compromised, it doesn't just compromise one site, but potentially many sites.

I don't bother to go crazy guarding my SSN, the US Government in it's infinite wisdom has used it as my Medicare ID, so zillions of people already have it! 

BTW, you forgot a number as well.


----------



## Big Ed (Jun 16, 2009)

gunrunnerjohn said:


> For you, maybe. However, many people have fallen into the habit of using the same password on multiple sites, so when a password gets compromised, it doesn't just compromise one site, but potentially many sites.
> 
> I don't bother to go crazy guarding my SSN, the US Government in it's infinite wisdom has used it as my Medicare ID, so zillions of people already have it!
> 
> BTW, you forgot a number as well.


Well when I send the message that I forgot the password the site sent me a new one to use.
ALL NUMBERS!?


----------



## gunrunnerjohn (Nov 10, 2010)

Didn't you have to change it the first time you logged in?


----------



## Big Ed (Jun 16, 2009)

gunrunnerjohn said:


> Didn't you have to change it the first time you logged in?


No, but I did.


----------



## gunrunnerjohn (Nov 10, 2010)

Very odd...


----------



## Shdwdrgn (Dec 23, 2014)

The thing is, I've never seen a case of a bot going around to all the different forums (and there are literally tens of thousands of them) and working through a list of known usernames and passwords. Usernames are NOT unique, so there's not even a guarantee that the same username on two different forums is the same person. So if a bot were created to try and exploit a known list of usernames and passwords, they would have to visit a large number of websites, spend multiple seconds testing each possibility, and just maybe they'll eventually come up with a match. And what is their prize for all this hard work? A day or two of pushing spam to a forum before the account is locked or the password is changed. Yippee? Anyone trying to crack a password is going for the gold -- they want an actual user account on a server, not just a virtual account on a forum.

There's also the theory that requiring recurring password changes only provokes people to use easier passwords over time. And requiring the combination of case, numbers, and symbols doesn't make it any harder for a bot to guess a password -- in fact when this is required then substitutions of 0/o, 1/i, 4/a, etc are quite common and just included in the standard cracking routines (check out 'John the Ripper').

This about sums up the state up password requirements....


----------



## norgale (Apr 4, 2011)

El Toro Poohpooh! What's the big deal for a hobby site? They gonna steal my plans for a new layout? It's just aggrivating ,that's all.


----------



## time warp (Apr 28, 2016)

Yeah, I had double fun! I was fighting with my droid all morning and then I went into the office to get on my laptop and found it had loaded windows 10! So with our "speed O' molasses" net I got to pound through that to get 7 back, and then the password debacle! Oh, the humanity! What a relaxing friday:smilie_daumenneg:


----------



## Big Ed (Jun 16, 2009)

time warp said:


> Yeah, I had double fun! I was fighting with my droid all morning and then I went into the office to get on my laptop and found it had loaded windows 10! So with our "speed O' molasses" net I got to pound through that to get 7 back, and then the password debacle! Oh, the humanity! What a relaxing friday:smilie_daumenneg:



It is good to keep busy. Keeps the brain sharp.


----------



## time warp (Apr 28, 2016)

Big Ed said:


> It is good to keep busy. Keeps the brain sharp.


I have just cut your private car out of my consist :hah:


----------



## sanepilot (Mar 11, 2012)

*fiasco*

My opionon on this. It has to be the funniest damn thing I ever incurred. I changed my password when it was announced 3 days ago trying to be nice,got a good to go and it didn`t work. and I`ve had it changed by admin twice in two days,after a not so nice email from me. Thanks to whoever got it fixed for me.. I guess the third time is the charm. Methinks they need a computer techinican. or teach the one they have how to run their computers.

No offence to anyone intended. If so,I apologize.
Toughen up people the best is yet to come

My story and I`m stickin to it,Everett


----------



## RonthePirate (Sep 9, 2015)

Grrrr.......even out pirate sites have easier security than this.
I just was caught off guard, that's all. Didn't expect the p/w thing to start this quick.
I used three out of five attempts.


----------



## rogruth (Mar 6, 2012)

My bank makes me change every 3 or 4 months, I don't remember.The only thing I check at the bank is our balance.
We don't do anything else so the password is written down and taped next to the computer. So is the new MTF password.
Oh, we don't have smart phones and our cell phone, singular, is still referred to by my wife as "the car phone". No kidding.


----------



## flyernut (Oct 31, 2010)

It took me 5 tries to finally get in, and then when I wanted to change the password it won't let me. This happened the last time I got the message to change passwords.. I almost opted out of the forum because I just couldn't get the darn thing to work. What's the word here???...SNAFU....FUBAR???:smilie_daumenneg:


----------



## rogruth (Mar 6, 2012)

I didn't like needing to change my password, I'm an old guy and set in my ways, but I had absolutely no problems on the first try.


----------



## time warp (Apr 28, 2016)

rogruth said:


> I didn't like needing to change my password, I'm an old guy and set in my ways, but I had absolutely no problems on the first try.


Mine wouldn't go, so I changed it and it went, but I had to use my phone. My problem was due to my garbage internet I'm sure.


----------



## johnS (Apr 15, 2016)

this password thing is too much. all my banking and credit cards do not have this much of a password. I choose passwords so I can log on easily with something I remember. now I have to make something up that I won't remember. I THINK NOT! good bye all, too much for a discussion forum, who cares if I get hacked?


----------



## VegasN (Mar 14, 2016)

I have looked around the forums. I must be missing the several threads that passwords will be changed, because, I don't see them......


nvm.......found them......once all the ads stopped bouncing the screen around......


----------



## sjm9911 (Dec 20, 2012)

http://api.viglink.com/api/click?fo...alopnik.com/45-million-accou...r-f-1782030203 resonance is here. Site was hacked.


----------



## NAJ (Feb 19, 2016)

I just logged in and changed my password back to what it was with just a couple of symbols added.


----------



## gregc (Apr 25, 2015)

i'm seeing quite a few spam threads from users such as Time Warner, American Egg Board and Westin Hotels and Resorts.

Is this because someone hacked the passwords for "our" user IDs or are these new legitimate accounts created by 'bots? 

If its new user accounts, forcing everyone to change their passwords isn't going to help. They need to deal prevent 'bots from creating user accounts. Is it possible that all forums sites such as this "powered by vBulletin" are vulnerable?


----------



## Frisco Firefly (May 17, 2012)

gregc said:


> i'm seeing quite a few spam threads from users such as Time Warner, American Egg Board and Westin Hotels and Resorts.
> 
> Is this because someone hacked the passwords for "our" user IDs or are these new legitimate accounts created by 'bots?


The only time I see those sponsored ads is when I am not logged on.

Gunrunnerjohn is selling those ads and posting them so he can get more money for being a moderator. :laugh::laugh::laugh:

Sorry John. The devil made me do it.


----------



## raleets (Jan 2, 2011)

Simply install Ad Blocker (free) and the #@*&# ads will go away.
Worked for me......I'm NEVER bothered with pop-up ads anymore.
Bob


----------



## time warp (Apr 28, 2016)

I did see the notice concerning the password change, I just hadn't had the time to mess with it. I will say that wed. night late I was PMg a member and when I hit send I got a nasty hacked warning that locked up my phone and put it in " vibrate" for about 10 minutes. It took a while to back out of it.
It's a pain in the neck, but I appreciate the efforts made here to try to keep things cleaned up.


----------



## Big Ed (Jun 16, 2009)

sjm9911 said:


> http://api.viglink.com/api/click?fo...alopnik.com/45-million-accou...r-f-1782030203 resonance is here. Site was hacked.


You must have added the link wrong? Nothing shows.
http://jalopnik.com/45-million-accou...r-f-1782030203


----------



## sjm9911 (Dec 20, 2012)

gregc said:


> i'm seeing quite a few spam threads from users such as Time Warner, American Egg Board and Westin Hotels and Resorts.
> 
> Is this because someone hacked the passwords for "our" user IDs or are these new legitimate accounts created by 'bots?
> 
> If its new user accounts, forcing everyone to change their passwords isn't going to help. They need to deal prevent 'bots from creating user accounts. Is it possible that all forums sites such as this "powered by vBulletin" are vulnerable?


It's not possible, they are , read the link ed fixed that I posted. It's outdated technology.


----------



## gunrunnerjohn (Nov 10, 2010)

Well, the older versions are a bigger issue, we're running on version 3, and the current version is version 5!


----------



## time warp (Apr 28, 2016)

I just wish the modeling threads were this busy!


----------



## gunrunnerjohn (Nov 10, 2010)

gregc said:


> If its new user accounts, forcing everyone to change their passwords isn't going to help. They need to deal prevent 'bots from creating user accounts. Is it possible that all forums sites such as this "powered by vBulletin" are vulnerable?


It's not really possible here. I review every new account before they get to post. You can't sign up here without admin intervention nowadays, that was to stop all the spam we were getting a couple years back.

If you're having some sort of issue with SPAM, please be specific as to details, and we can always use pictures and/or links if appropriate. Given some detail, we can see what is happening.


----------



## sanepilot (Mar 11, 2012)

*password change*

Hi all,I gotta question,John. I had trouble changing passwords as you know.When I got the security code,who gave it to me was a progressive insurance ad and Flo spoke the code to me.I put it in and got the numbers you sent me to work. Was this normal,not for me. I`m sitting here looking at a blank monitor with only MTF on it.Now my question is: Do i keep the numbers or do I change them.I don`t want what I just went thru to change again[too much trouble]I had trouble with Google and got them fixed so far.Third party snoopers I gave up on them.Of all things,I used Win 10 to straighten google out. hwell: Interesting Life,isn`t it great.

Thanks,have a great sunday,Everett


----------



## gunrunnerjohn (Nov 10, 2010)

Huh?


----------



## Lester Perry (Nov 7, 2008)

I finally gave my browser the password you gave me. I works for now


----------



## rogruth (Mar 6, 2012)

Haven't participants on MTF ever needed to change passwords anywhere before?
It may be a nuisance but it really isn't very hard to do IMHO.


----------



## tr1 (Mar 9, 2013)

*Pass word alterations*

My password was modified, I followed the directions, and now everything is working to my satisfaction at this time. I just do not understand why was my password was modified?? In the first place :dunno:


----------



## gregc (Apr 25, 2015)

gunrunnerjohn said:


> If you're having some sort of issue with SPAM, please be specific as to details, and we can always use pictures and/or links if appropriate. Given some detail, we can see what is happening.


John,
try looking at a forum page without being logged in.

on the Technical Model Train Forum I currently see

Coupler Help - Single Driver Steam
Botherly Love For Eggs ... - *American Egg Board*
7 Lesser Known Museums ... - *Toyota RAV4 Hybrid*
Introduction to Arduino part 3 ... Shddrgn


----------



## gunrunnerjohn (Nov 10, 2010)

There's a different presentation when you aren't logged in. I truthfully spend very little time worrying about that as anyone posting here is already a member. Since you're obviously a member, why is the forum appearance when you don't log in a problem?


----------



## Cycleops (Dec 6, 2014)

I ve changed my password as directed and everything is working well apart from the fact I'm getting no email notifications of new posts in threads I have posted on. Can't see where to turn this on again.


----------



## gunrunnerjohn (Nov 10, 2010)

That seems to happen periodically for no apparent reason. I'm not getting any alerts for the last couple of days either.


----------



## gregc (Apr 25, 2015)

gunrunnerjohn said:


> Since you're obviously a member, why is the forum appearance when you don't log in a problem?


problem? I suggested that the odd threads may have been the reasons for changing passwords. You asked for specifics and I provided some.

But now I need to log in each time I visit and get to see these "ad" threads each time I visit.


----------



## gunrunnerjohn (Nov 10, 2010)

I don't understand the "login each time" comment. I login once and that lasts until I specifically log out. If you clear all your cookies all the time, that would explain it. Try white-listing the modeltrainforum.com cookies.


----------



## gregc (Apr 25, 2015)

gunrunnerjohn said:


> I don't understand the "login each time" comment.


i'll open 4 modeltrains forums at once, then go back and read them. Near the top right corner of the page is a box with "User Name" and "Password" or "Welcome, gregc". 

When I just did this, two of the forums came up with Welcome and the other two with User Name, including this one, "General Model Train Discussion", which I had assumed meant I wasn't logged in. And yes, those with "User Name" had the sponsored Posts. But when I selected this thread under the "General" forum that showed "User Name", that box showed "Welcome, gregc" ?? 

After fiddling with this as I write it, I think now that I've had to change my password, I now have to log into each forum with the new password and click the box that says remember me.

Ideally, things like updating a password should not cause changes in behavior. But different web sites handle things differently and users start asking questions.

is it a problem? No.

Is it annoying? I count 3 threads on passwords and this thread has 5 pages of comments.

was there ever an explanation for why we needed to update our passwords?


----------



## gunrunnerjohn (Nov 10, 2010)

Posted a few days ago by VerticalScope.

Attention - Password and Security Update


----------



## Big Ed (Jun 16, 2009)

gregc said:


> problem? I suggested that the odd threads may have been the reasons for changing passwords. You asked for specifics and I provided some.
> 
> But now I need to log in each time I visit and get to see these "ad" threads each time I visit.


Greg, do you log out when you leave the site? Or did you log out before all of this came around?

I always log out then have to log back on when I come back? 

Ads? I see none even when I am not logged on, except the for 4 down the bottom, that is when I am not logged on I see none but them.
Do you see the ads when you are logged on too?

You running an ad blocker?


----------



## Big Ed (Jun 16, 2009)

sanepilot said:


> Hi all,I gotta question,John. I had trouble changing passwords as you know.When I got the security code,who gave it to me was a progressive insurance ad and Flo spoke the code to me.I put it in and got the numbers you sent me to work. Was this normal,not for me. I`m sitting here looking at a blank monitor with only MTF on it.Now my question is: Do i keep the numbers or do I change them.I don`t want what I just went thru to change again[too much trouble]I had trouble with Google and got them fixed so far.Third party snoopers I gave up on them.Of all things,I used Win 10 to straighten google out. hwell: Interesting Life,isn`t it great.
> 
> Thanks,have a great sunday,Everett


Flow spoke to you?  (thanks for the laugh, every time I read it I laugh.) ( Johns reply too.) :laugh:
That is the security box they use when you are not logged on to make sure you are not a Bot. Were you logged on when you got the box with Flow?





gunrunnerjohn said:


> Huh?


John....you having fun?

One note about the security box when you are not logged on and say you want to use the search feature. 
For the heck of it yesterday I tried and the code that was shown in the box was unreadable.
No problem? 
I refreshed the code to get another I could read. 
Wrong, I refreshed 10 times and they were all unreadable? Not even a hacker could read them.

Normally you get the box that Sane was talking about with Flow, and the code is progressive insurance.

Now today I tried it again while not logged on and I got a very plain code I could understand to put in. Maybe this was a glitch and they fixed it?

Sane....you don't have to listen to Flow, just click the box and it shows the code without listening.

Sane, what was the problem with google? When you googled did you just come up with a blank box? No googling was done? 
If you had clicked images that would work, but the web search came up blank?


----------



## gregc (Apr 25, 2015)

Big Ed
I never log out

they are listed as threads not ads

i don't believe I'm running an ad blocker


----------



## rogruth (Mar 6, 2012)

gunrunnerjohn said:


> That seems to happen periodically for no apparent reason. I'm not getting any alerts for the last couple of days either.


I have not had any problems getting alerts. 
When I received the one that directed me to create a new password I did and there has been no interruption.
I must admit that I really don't understand the reason for the password change but I did it and have not had any problems.


----------

