We got hacked. The hacker had access to everything on the whole damn server, including the password list. So unless you want somebody using your screen name to start posting obscene limericks in Gaelic, we advise changing your password. There’s an announcement in each forum that talks about this - click on it for detailed instructions if you’re not clear on the procedure.
Arnold, it is unclear to any of us whether the password file was re-accessed after the first outage, but changing your password is a 10-second operation that costs nothing. Not changing it is a zero-second operation that potentially could be bad for you. I re-changed mine.
Okay, I changed my password again. But I don’t think I need to change my email address because I use a different password there. I use different passwords EVERYWHERE.
If you think you need to change your password every time you post, I’m pretty sure you’re over-reacting.
On the other hand, paranoia is justified if they really are out to get you.
Except that I’m the kind of idiot that uses the same password everywhere, so I went ahead and spent an hour changing all my passwords. Now I have to go do it again!?! :mad:
Nah. Just ours. Before you do it, kill the cookies (in the preferences screen). When you’ve changed it, go back to preferences and choose the option to store the username and password. When you post, the password should fill itself in. Then you don’t have to remember it at all. You just have to write it down somewhere so you can re-enter it if you or the board has a cookie problem in the future.
Sterling, I don’t think you have to go change your email addy, but if you used the same password for the email and the board, you will want to change the password. Also, if you start getting any weird emails, let us know.
manhattan, what I mean is that on the 23rd I changed my password for SDMB, but I also changed the password that I use (for example) to order books from a large on-line merchant, so if someone could guess my username with the large on-line merchant, they would know my password, since the password I use for SDMB is the same password that I use for any web-based account. Though the chances of someone going to all that trouble are pretty slim.
Again, :mad:
I know how you feel, Arnold. I just finished changing my password on 17 sites. I guess I should be using different passwords everywhere but… How the heck am I supposed to remember a different password for every site I access? (23, if I found all of them, plus my two ISPs and two personal domains)
“Drink your coffee! Remember, there are people sleeping in China.”
It’s never a good idea to have the same password on everything you use.
Think of it this way: a potential hacker has a piece of information about you. If that information is good in more than one place, then your security is STILL compromised.
That’s exactly the way I feel! I also have “accounts” at a lot of web sites! Plus I go to some websites and sign up to see what it’s like, and then I might decide it’s not that interesting and not go there for a couple of months. But I used to like the fact that when I returned I would know my password.
I guess what I will do is divide my web accounts into two groups:
a) Those often used and those having financial information;
b) Those that I join for a “lark.”
The ones in group a) will be maintained in a list and the password frequently changed.
(answering my own question) I see passwords are still stored in cleartext. I’d recommend an immediate change to this policy; store passwords encrypted; allow users to request a password change, but not to request their password.
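The policy recommended in the last post, sketched as an added example that is not the board's code or any poster's: passwords are kept only as salted one-way PBKDF2 digests (a swap for the "encrypted" storage the post asks for, since a hash cannot be reversed), and a user can request a reset token but never the password itself. `AccountStore`, the work factor and the token lifetime are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

ITERATIONS = 600_000   # assumed PBKDF2 work factor
RESET_TTL = 900        # assumed reset-token lifetime in seconds

def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

class AccountStore:
    """Constructed in-memory stand-in for a board's user table."""
    def __init__(self):
        self.users = {}    # name -> (salt, password digest); no cleartext kept
        self.resets = {}   # name -> (sha256 of reset token, expiry time)

    def set_password(self, name, password):
        salt = secrets.token_bytes(16)          # fresh salt per password
        self.users[name] = (salt, _kdf(password, salt))
        self.resets.pop(name, None)             # a change voids pending resets

    def verify(self, name, password):
        # Unknown users still cost one KDF run, so timing does not reveal them.
        salt, digest = self.users.get(name, (bytes(16), bytes(32)))
        match = hmac.compare_digest(_kdf(password, salt), digest)
        return match and name in self.users

    def request_reset(self, name, now=None):
        # Issues a one-time token (to be e-mailed); a password is never returned.
        if name not in self.users:
            return None
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self.resets[name] = (hashlib.sha256(token.encode()).digest(), now + RESET_TTL)
        return token

    def complete_reset(self, name, token, new_password, now=None):
        entry = self.resets.pop(name, None)     # consumed on any attempt
        if entry is None:
            return False
        digest, expiry = entry
        now = time.time() if now is None else now
        good = hmac.compare_digest(hashlib.sha256(token.encode()).digest(), digest)
        if not good or now > expiry:
            return False
        self.set_password(name, new_password)
        return True
```

A copy of `users` taken from the server yields salts and digests rather than reusable passwords, and a copy of `resets` yields token hashes that cannot be replayed as tokens.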