Jump to content

The New Account Security question

steve00

By steve00
in Feedback

Recommended Posts

steve00 Proficient

steve00

Posted
Posted

Am confused, am trying to change my password and am at the page to do so in my settings but what confuses me is where it states about local password:

Password

You can set a local password here. This will allow you to log in directly to the community and browse from your mobile device. This is optional and will not change how you currently log in

So if this does not affect how I currently login then am assuming I cannot change my password as seems this only applies to mobile device and is optional

Can someone please explain how am supposed to change password if this is for something different as that is what the text seems to suggest (in fact why change it to 'Local Password')

Link to comment
Share on other sites
  • Replies 71
  • Created
  • Last Reply
steve00 Proficient

steve00

Posted
  • Author
Posted

What email

I got email with new password.

I clicked link to take me to where enter password and fill out new security questions/answers.

then lets me enter forum

I then go to my settings (drop down in profile name)

then click Email & Password (as I do not want to use the password that was auto generated and sent to me)

So no idea why am taken to forum then to enter password and security questions/answers if am supposed to be in Client Area ???

Link to comment
Share on other sites
.Ian Veteran

.Ian

Posted
Posted

Can we have some more relevant questions please.

if you are an only child and not American and do not drive it does rather rule out most of the questions, and who knows what time they were born LOL Maybe it is something that is known over there, but I must have forgotten to post to facebook at the time to mention it ;)

It means having to make up answers, which will be easily forgotten,

Why not have father's middle name, mothers middle name, partners middle name, name of first school etc.

Link to comment
Share on other sites
  • Management
Lindy Grand Master

Lindy

Posted
  • Management
Posted

Q & A answers are case sensitive, that doesnt seem very user friendly!

That can be fixed.

well that might explained why could NOT login to same password had here from moment was changed !! would been nice be told and before say was in email never had one !!

I'm sorry, I'm having difficulty (language barrier?) determining whether or not you received the e-mail or if you are upset because you weren't warned in advance. We don't provide warning for security related events, for obvious reasons. We've had an increase in people who have used the same password on multiple big sites that were compromised. Attackers then simply take those passwords from other sites and try to use them here, then gain control of the license.

What email

I got email with new password.

I clicked link to take me to where enter password and fill out new security questions/answers.

then lets me enter forum

I then go to my settings (drop down in profile name)

then click Email & Password (as I do not want to use the password that was auto generated and sent to me)

So no idea why am taken to forum then to enter password and security questions/answers if am supposed to be in Client Area ???

Please forget about the settings on the community and use the client area. http://www.invisionpower.com/clients/ Make your password changes there. The e-mail mentioned nothing of the community and linked to the client area.

Ian - yes, we can add more questions.

Link to comment
Share on other sites
Steves Web Hosting Newbie

Steves Web Hosting

Posted
Posted

I've had it with IPS. First they assumed my password here was non-unique, then they forced me to endure a series of very badly designed and extremely annoying bullfaeces steps.

Email is completely insecure, sending a new password in email is IDIOTIC.

I do not know the model of my first car which I purchased 48 years ago.

I was called very many nicknames as a child

Most of the other questions were ambiguous.

My password already was secure, and it was much more complex than the stupid sequence of digits only that now resides on my email server, waiting to be hacked.

I WILL HANDLE THE SECURITY OF MY PASSWORDS

Foirtunately because I shopped at Pwnd Depot my credit card details are about to change, and I will not be able to enter it here because I gave bullfaeces answers to the bullfaeces security questions, so IPS please note the next time you try to bill my credit card it definitely will fail, and thanks to your very, very, very badly thought out security procedures I will not be able to change it.

Sayonara.

Link to comment
Share on other sites
iozay Enthusiast

iozay

Posted
Posted

I put in a few questions where I don't know the answer of as this was the only way for me to fill them in a way that others won't be able to guess the answers ^^' The issue is, I don't even know the answers myself so I will have to guess them(The closest guess is correct though :P ).

Link to comment
Share on other sites
  • Management
Lindy Grand Master

Lindy

Posted
  • Management
Posted

I'm not even sure how to respond to this other than I'm deeply sorry we tried to better protect your account for you when you clearly believe you had it well under control.

I'd note: 1. This doesn't replace passwords. 2. You can change your password. 3. We can work on the questions. Really not the end of the world. :)

Link to comment
Share on other sites
Rheddy Experienced

Rheddy

Posted
Posted

Lindy, I understand all that, but in the 10 years I have been a licensed client, I have never had my account compromised with IPS. Is there some new threat that IPS knew about that it didn't inform us about? I'm saying this, because as much as I hate to admit this, I have always used the same password and this issue has never come up before. This is why the dual login/username thing is still a good idea and that converting IPS4 to a single username state is not a good idea, in terms of IPS security. Using the excuse that its 'security by obscurity' is simply an excuse by companies to take the easy way out. That whole 'security by obscurity' has become the new 'doomsday' saying for developers who don't like putting too much behind making the login/account hacking harder and more difficult for hackers to crack.

I have the utmost respect for what you guys do but it seems that IPS might be working on upgrading the features of IPS software, but it seems to take two steps back in terms of network security (in regards to the software).

Link to comment
Share on other sites
giskarduk Newbie

giskarduk

Posted
Posted

Quote "

I encourage you to post your thoughts, concerns and any changes that you would like to see there.

Many thanks,
Alan.

Alan Wagstaff
Invision Power Services, Inc

End Quote....

Okay these are my thoughts.....

1) Resetting my perfectly secure password without a good reason or warning is not welcome, it is annoying.

I do not use the same password on several sites, I do not use easy to guess passwords and if I hear even a rumour of a hack, I immediately change the passwords and cancel my credit cards. So I do not need your help securing anything thank you, I got this under control.

In the future only do this if there is a real security threat to worry about that requires immediate action, and allow time for the security hole to be plugged before changing passwords otherwise its pointless. If there is no immediate threat, email me and ask me to change my password and I'll do it my self when I get time.

2) Your security questions assume I live in the USA and know what third grade is, assumes I have a pet, assumes I have a father with a middle name, assumes my mother was married, assumes I am not adopted, assumes I did not have more than 1 teacher... Are you getting my point yet ?

I was only able to answer 1 of your questions because only 1 of them applied to me. The other 2 I had to invent answers for... I have a renewal due on 3 weeks, and you just increased the chances of my not being able to check my details are correct at that time by about 300%.

Well done....

This system you have implemented is notorious for causing customers more problems than it causes hackers. Even tech support staff for other companies know it and accept a wrong answer because most folk do not remember the right ones. It becomes a judgement call, passwords get ignored, the real security is swept aside.... all because your questions do not and cannot ever apply to everybody.

Anyway, I am not happy about these security questions and I want them disabled on my account please.

I do not consider the system to be very secure at all.

PS I will not be reading replies, I'll be back in 2 weeks to try and check my account before the renewal is due in 3 weeks. Make sure I can login because if I cannot, I will not be messing about. I'll take my business else where. I have no faith in this new system at all.

Link to comment
Share on other sites
riven3d Enthusiast

riven3d

Posted
Posted

Just to note that when using the lost password feature, you are promoted to create your own password. A random password is no longer emailed to you.

this is not correct as I just used the lost password request and it sent me a new password I was not given an option to pick one for myself

Link to comment
Share on other sites
riven3d Enthusiast

riven3d

Posted
Posted

Try resetting that password and it will work as Matt said.

why should I?

unlike some of you the security email arrived AFTER I came here to read about the issues and couldnt log in, 2 hours after I sent the password change requests the emails arrived, and then the security email arrives... talk about a delay.

All I said was it does not work the way he said, if you do the lost password request it does not do as posted it sends you a password to use not makes you pick one.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Invision Community © 2024 IPS, Inc.
×
×
  • Create New...