Sign in to follow this  
Wurmhole

Forum password reset

Recommended Posts

Remember to click the "forgot password" link when you first log in to forums.  I see a lot of guests online right now

Share this post


Link to post
Share on other sites

Is it just me or is the forum fixed?

 

I haven't checked everything yet, but seems fine.

 

Also - be patient with reseting password, I had to wait over 15 minutes for e-mail.

Share this post


Link to post
Share on other sites

I wonder how many people have been locked out 

Share this post


Link to post
Share on other sites

I wasn't able to do the QRcode part, but otherwise it only took me a couple of seconds to reset my password so I could post.

(and this post posted much faster than the other forums!)

Edited by Dorian

Share this post


Link to post
Share on other sites

Was it a response to a concrete intrusion or?..

 

If i was reusing the pasword on the forums in other places how much should i be worried on a scale of 0 to SKYNET?

  • Like 1

Share this post


Link to post
Share on other sites
5 minutes ago, bdew said:

Was it a response to a concrete intrusion or?..

 

If i was reusing the pasword on the forums in other places how much should i be worried on a scale of 0 to SKYNET?

 

According to Retrograde:

 

On 27/06/2017 at 0:44 PM, Retrograde said:

Additionally, we identified a potential security issue and as such will be performing some security changes. All accounts will have a forced password reset after the update, and we will be enabling HTTPS for the entire forum.

Share this post


Link to post
Share on other sites

It took me nearly 2 hours to receive the email to reset my password but I'm happy to see some new security changes for us

Share this post


Link to post
Share on other sites
7 minutes ago, bdew said:

Was it a response to a concrete intrusion or?..

 

If i was reusing the pasword on the forums in other places how much should i be worried on a scale of 0 to SKYNET?

 

There was no concrete intrusion.

 

Essentially we had planned to move the forums to forced https to begin with, and with http being easy to scrape data from while on insecure networks, I was going to recommend password changes anyway.

We decided to enforce the password reset after a few insecure settings were found, though an inspection of the logs showed no intrusions.

 

The main problem with sharing passwords between sites is that any site you share it on could potentially be compromised. A lot of sites use popular software suites, like Drupal, Wordpress, or even these forums here. Any of these software suites could be affected by a zero-day exploit, which opens up a window for security risk. You mitigate the risk to yourself by using a different password per site, and in our case, a different password for forums and your in-game accounts.

 

I've probably sounded rather dark and scary over the last few days, but you only need to scan the news to understand how important cyber security is and how quickly even the biggest of giants can find themselves in a bad situation. I mean just a few months ago Cloudflare was found to be leaking HTTPS data from their edge routers, which was then indexed by search engines. So it's not just the software the site runs, but anything else in the infrastructure. In that case there was a very small window where you could actually find people's login credentials that should've been encrypted by HTTPS popping up in search engine results.

 

I hope this better explains things.

  • Like 1

Share this post


Link to post
Share on other sites

I cannot be tortured anymore for my forum password, I've changed it and forgot next moment.

Good thing is that I use a password manager - one that does not sync unencrypted to a shady online services.

  • Like 1

Share this post


Link to post
Share on other sites
1 hour ago, bdew said:

Was it a response to a concrete intrusion or?..

 

If i was reusing the pasword on the forums in other places how much should i be worried on a scale of 0 to SKYNET?

 

I'd be worried depending on how many places you reused the password, as there's no telling whether any of those other places had a leak. One of those places might even have had a leak and kept quiet about it (or might not have even realised it), making it hard to know for sure.

 

For those using a password on multiple sites, look into a password manager. I use keypass myself, which stores your passwords locally on your own pc. All I need to remember these days is my keypass password, as without it I can't get to all my other passwords. There are also several online ones, but I prefer to keep my passwords to myself.

Share this post


Link to post
Share on other sites

Speaking of waiting for the forum password change verification e-mail, i had to wait nearly *9 hours* before my e-mail finally arrived.  This isn't through a low-budget amateur e-mail service either, but a national one.

 

Just be advised for some of you, like for my case, you might need to wait a very long time. But if you're like me, it will come eventually.

 

Share this post


Link to post
Share on other sites
9 minutes ago, Tristanc said:

Speaking of waiting for the forum password change verification e-mail, i had to wait nearly *9 hours* before my e-mail finally arrived.  This isn't through a low-budget amateur e-mail service either, but a national one.

 

Just be advised for some of you, like for my case, you might need to wait a very long time. But if you're like me, it will come eventually.

 

 

I mentioned in-game and in the announcement at the top of the forum that we had issues with our email provider that have been resolved. I've been watching the email flow and there's quite a few that are waiting for their timeout period to expire. Some are on a 4 hour timeout, some are on a 2 hour timeout. The last one to have a 4 hour timeout was about 2 hours ago, so I suspect most emails will be delivered within the next 2 hours. I do see some failures that are not spam-related, where the service is just having issues.

Share this post


Link to post
Share on other sites

A thank you to Keenan, for spotting that my password reset had failed permanently and getting me the link I needed.

 

It is also good to have 2 factor authentication. There is a link on the page by the QR code which will give you the code to type into the authenticator app to get things setup.

  • Like 1

Share this post


Link to post
Share on other sites
4 minutes ago, Wulfmaer said:

A thank you to Keenan, for spotting that my password reset had failed permanently and getting me the link I needed.

 

It is also good to have 2 factor authentication. There is a link on the page by the QR code which will give you the code to type into the authenticator app to get things setup.

 

Speaking of, if anyone knows @Wulfgarrin-game, have them jump on IRC or send a PM to Rizi. 

 

AS Wulfmaer mentioned (funny the names are similar), I am watching for permanent failures and am sending from my keenan@wurmonline.com account when I find them. Thankfully the spam rejection storm seems to be over with and the only bounces I'm seeing are actual server errors on the mail hosts. Once those move to permanent failures, I'll note down the accounts and try sending direct or attempt to make contact in-game.

Share this post


Link to post
Share on other sites

I will be in IRC tonight to try and answer questions. If anyone is having issues, catch me there and I'll compile a list of those with permanent failures. I know I got 2 people resolved last night, but failed to help Wulfmaer. Sorry I couldn't be of more help.

 

I will be on sometime around 0400 GMT. Feel free to pm me in game or through IRC and I'll do my best to help. You can find a list of my active Characters on my profile page.

  • Like 1

Share this post


Link to post
Share on other sites

I got my reset email in seconds, but I was also one of the first back in.  So far, the only delays in forums I am seeing are from my ISP.

 

So pleased with the results!!  THank you!

  • Like 1

Share this post


Link to post
Share on other sites

Since the forum was reopened I had zero lag when posting, thank you!!!! I have 2FA already on too.

Share this post


Link to post
Share on other sites

I just reset mine, and instantly got my email, but then when I tried to reset it, it did some weird drop the ball thing (Said something down in the left lower corner of my browser about 'shaking hands with a server or something' and acted like it was lagging and then did nothing/went to a page saying something like document dropped or something like it failed. Tried to go back to the password reset with browser back button and it freaked out/futzed on me and gave another 'document doesn't exist' type page.)...but I was able to click the email link again and open another new tab and it functioned that time. Not sure what the heck happened that first time.

 

Forums still lagging a bit for me personally, but I'm in the U.S. and this company is way over around the other side of the world so I expect a little/figure it will happen. It's not instantly posting the things I send, but it's not having a heart attack and waiting 15 minutes either before posting the things I said like it was before (Which is what was causing those double posts from people I believe.)

Oh, and I don't have a smart phone, so no ability to 2 factor authenticate. Also not using some weird desktop app doohickey. (I'm on Windows 7, so I don't even know how to use those app things.)

Edited by Corsan
Forgot to add comment about lag.
  • Like 1

Share this post


Link to post
Share on other sites

I did some performance tweaks which may have coincided with your reset, Corsan.

 

As for lag, east coast US here and not getting much of any. Pretty much the only lag I'm seeing is on massive threads and connection latency. If there's something specific that takes more than a few seconds to load, please point it out,.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this