Attention - Password and Security Update [Archive] - Artist Forum

: Attention - Password and Security Update


ARTadmin
06-14-2016, 12:28 PM
Hey all,

Over the next few days we will be implementing some changes to our forum password strength and password expiration policies. To make sure you continue having the best experience possible on the community, we regularly monitor the site and the Internet to keep everyone's account information safe. We've recently become aware of a potential risk to some accounts coming from outside of this community. Just to be safe, we are implementing the following changes to improve security even further:

1) We are asking everyone to change their passwords (and will force a one time reset). Along with every user on the forum, new passwords will need to be more complex, and can't be simple words (sorry, you can't have "fluffy" as your password anymore!). Please use a password unique to this community. Reusing passwords can expose your account indirectly when other websites (Twitter, Linkedin, Badoo, etc) are compromised; and

2) Your passwords will expire on a 365 day basis. When you login on the 366th day, you will have to change it.

We'll also be sending out an email to users to let them know about the changes, in upcoming weeks.

Thanks all,
Helena
Community Management

Mel_Robertson
06-14-2016, 12:50 PM
https://media.giphy.com/media/hppWdK8gcmzXq/giphy-facebook_s.jpg

Susan Mulno
06-14-2016, 02:05 PM
Thanks for letting us know.

Liz
06-14-2016, 10:54 PM
Wow, this is only a forum, not Fort Knox. I don't like complicated passwords, I can never remember them.

just
06-15-2016, 07:38 AM
I'm old and have memory problems.

abt2k15
06-15-2016, 07:50 AM
number 1 reason for password insecurity is the user himself. kind of dumb and surplus change imho. so the only other method other than fishing someones
password ( malware and/ or shady websites ) left is brute force. to cope with brute force the key is length....

well anyway if it turns out to become too unconvenient for my taste i always have the option to not come back so letīs see how annoying it will get.


cheers

Cricket
06-16-2016, 09:17 AM
A good piece of advice, to help in remembering the more complex password, is to do a phrase instead of just randomly adding in the extra requirements.

Example: BoiledCabbageis#1!

That will stick in your in your mind better.

Mel_Robertson
06-24-2016, 11:08 PM
@AllAdmins is the SECURITY AND DATA BREACH NOTIFICATION - genuine ?
the link leads us to an auto sales website called verticalscope.com which is actually a referral URL for www.enom.com based in ONTARIO, very very strange...

Cricket
06-25-2016, 02:06 PM
@AllAdmins is the SECURITY AND DATA BREACH NOTIFICATION - genuine ?
the link leads us to an auto sales website called verticalscope.com which is actually a referral URL for www.enom.com based in ONTARIO, very very strange...

This site is owned by VerticalScope. It is not a referral URL, it is the company name and URL.

Check the Terms Of Use (http://www.verticalscope.com/aboutus/tos.php?site=artistforum.com) in the footer.

Mel_Robertson
06-25-2016, 04:58 PM
Yeah it's PLC registered as VerticalScope INC but VerticalScope.com is a referral URL of ENOM, INC which means our data is shared with, ENOM - but ENOM isn't mentioned in the TOS (See here (https://who.is/whois/verticalscope.com))
thats irrelevant I just wanted to know what was going on normally when a site loses their members personal data theres some kind of *******SORRY******* but I guess not in this case

Cricket
06-25-2016, 05:18 PM
I am not sure what you are asking. ENOM is just a domain registrar.

A domain name registrar is an organization or commercial entity that manages the reservation of Internet domain names. A domain name registrar must be accredited by a generic top-level domain (gTLD) registry and/or a country code top-level domain (ccTLD) registry. The management is done in accordance with the guidelines of the designated domain name registries. https://en.wikipedia.org/wiki/Domain_name_registrar

Mel_Robertson
06-25-2016, 09:20 PM
I am not sure what you are asking.

I'm SHOCKED you don't know what I'm saying to you!
before I became successful as an artist I built social websites which had over 30.000 members and I see the community on here is amazing, the individuals I've come to get to know are not only great artists but beautiful people who share the most intimate details of their lives with the board and in return get great support.
and what do the owners get from the site? money, they get money reaped from adverts and all I asked is an acknowledgement a simple "sorry" for the mistrust in data loss, YOU lost OUR personal information, the terms we signed up to was a 2 way thing we ENTRUSTED YOU with our personal information.
just SAY SORRY
Edited:
the fact I have to point this out is absurd?

Cricket
06-25-2016, 10:04 PM
I'm SHOCKED you don't know what I'm saying to you!
before I became successful as an artist I built social websites which had over 30.000 members and I see the community on here is amazing, the individuals I've come to get to know are not only great artists but beautiful people who share the most intimate details of their lives with the board and in return get great support.
and what do the owners get from the site? money, they get money reaped from adverts and all I asked is an acknowledgement a simple "sorry" for the mistrust in data loss, YOU lost OUR personal information, the terms we signed up to was a 2 way thing we ENTRUSTED YOU with our personal information.
just SAY SORRY
Edited:
the fact I have to point this out is absurd?

My question was regarding your comment concerning ENOM. I was simply explaining that ENON is just a domain registrar.

Art Admin made an announcement back on the 14th here (https://www.artistforum.com/artistforum-com-help-desk/attention-password-security-update-33282/).

I am truly sorry that you are frustrated, I am too.

I will be moving these comments to that thread.

Liz
06-30-2016, 02:30 PM
I just want to say I do not like the new password requirements, by tomorrow I probably won't remember my new password so if you guys won't see me around you know why.

TerryCurley
06-30-2016, 06:17 PM
Write it down. I had to.

Liz
06-30-2016, 11:01 PM
Write it down. I had to.
I have a bunch of passwords written down and I end up shuffling through papers trying to find the right one for the right account, ha, ha. Anyway, several hours later and I still remember it (to my surprise). Maybe it will stick in my brain, I hope.

Desdichado
07-01-2016, 05:09 AM
I'm old enough to suffer memory loss so I bought a small diary that I keep near my pc at home. I just put anything to do with computer stuff in it. My wife does the same. Saves a lot of hassle. It's easy enough to disguise passwords if you wish,and nobody will need to know mine anyway, I'm not in charge of national security. :smile:

just
07-01-2016, 09:32 AM
I have a bunch of passwords written down and I end up shuffling through papers trying to find the right one for the right account, ha, ha. Anyway, several hours later and I still remember it (to my surprise). Maybe it will stick in my brain, I hope.


So you have already started studying for the password test?

Liz
07-01-2016, 07:19 PM
So you have already started studying for the password test?
Yup, and so far I'm passing, ha ha.

ARTadmin
07-04-2016, 12:29 PM
Hey all,

first off, personally, i love this forum. I do a lot of art when im not here at the office. :)
secondly, this is frustrating, and I am very sorry for the aggravation. in all transparency is concerned, we are legally obligated to change passwords after a breach has taken place. we have fixed our end of the breach but we still needed to issue a password reset regardless. If the requirements are too much right now, we can revisit this later and make things a bit easier, no problem. but for now, we are issuing these to get things resolved on all ends, and to help protect your accounts for the future.

I am more then happy to assist anyone here with any issues they have or answer questions, as well as resolve any issues with the transition. also, we can talk art while im doing so! again, I personally apologize. it was a third party breach, and came from an outside source. though its been resolved, we understand the need for an apology. here is the website that explains a little more on what is being done to fix things: http://www.verticalscope.com/about-us/security-update.html

let me know what you peeps need, Ill be happy to assist with it.

~Shane

Liz
07-04-2016, 07:55 PM
I understand the need to reset everyone's password because you system has been compromised but I don't understand or like being forced to make a complicated password, it's not like I'm logging into my bank account or anything like that.

ARTadmin
07-06-2016, 11:19 AM
I understand the need to reset everyone's password because you system has been compromised but I don't understand or like being forced to make a complicated password, it's not like I'm logging into my bank account or anything like that.

Hey liz,

First off, I love your pencil and ink work. you have great attention to detail, good perspective, and an overall good composition of shading, occlusion and control. love it. keep up the good work! :)

secondly, I understand its a bit over the top. But the password mandatory going out can be changed in the UserCP. you can change it to anything you like after its been reset. To answer the question about bank security, you have to keep in mind a few things here:

- Banks are held under a 128 - 256bit encryption system and are well protected server side.
- Encryptions are also changed constantly to keep it constantly changing making a breach next to impossible on the server side.

with all that in mind, let me ask you this. if I get a hold of your say 4-6 digit pin code for the bank machine, does that encryption really do much for you?

the password change is because the information taken was information that if you use the same password say for....online banking, or shopping, even a michaels online shopping account (art store here in Canada). if your credit information or bank info is tied there for online purchases. that one password can be used to buy/ make purchases, access online banking, do etransfers, etc etc. the list goes on and on.

For more information on the breach, check our website on what was taken and the "what you need to know" kind of thing: http://www.verticalscope.com/about-us/notice-of-data-breach.html

not trying to scare anyone, just the truth of it. again, you are more then welcome to change it to whatever you like once you get your temporary password, once the "dust settles" kind of thing, we will lessen it for you all if that is what you would like in the end. for now, please bare with us. we are doing this for the better, even though its a bit bittersweet.

trust me when i say, we had to do it as well. and i mean thousands of accounts. i know its a pain. just bare with us for now.

If you all need any further assistance, let me know :) or we can talk about art. but shhhh...don't tell my boss! ;)

cheers all, keep on arting.

~Shane