Mercedes-Benz Forum banner

After 11 years..... PASSWORD PROBLEMS? READ THIS THREAD.

15K views 169 replies 40 participants last post by  SoonerCPA 
#1 ·
....Benzworld forced me to change my password.

Anyone else?

DIG'S EDIT / Sorry nobby, had to be done.
I'm sticking this thread with a title modification. People are still coming back for the first time and are unaware of the problem or don't have the same email address as when they first joined and have forgotten the old one. Send a pm to Digmenow or an email to digmenow@aol.com if you have followed the site instructions regarding "Forgot Password" without success.

Can someone put this link in the first post of this thread?

It's the lost password link that I think everyone needs to click to get a new password.


http://www.benzworld.org/forums/login.php?do=lostpw
 
#38 ·
.


Your thread was merged because this is all the same issue, as will be this one.

As I posted, your original account will be restored. Remember,. most of us handling these issues are volunteers, most of whom even have real jobs, hence my 'in the works ' comment.


Sorry this is causing you so much angst.
 
#41 · (Edited)
The problem is not just here.

I Googled Helena's message in the site issues forum and came up with dozens of identical messages:

https://www.google.ca/search?q=Than...rome..69i57.2578j0j8&sourceid=chrome&ie=UTF-8

Hey all,

Over the next few days we will be implementing some changes to our forum password strength and password expiration policies. To make sure you continue having the best experience possible on the community, we regularly monitor the site and the Internet to keep everyone's account information safe. We've recently become aware of a potential risk to some accounts coming from outside of this community. Just to be safe, we are implementing the following changes to improve security even further:

1) We are asking everyone to change their passwords (and will force a one time reset). Along with every user on the forum, new passwords will need to be more complex, and can't be simple words (sorry, you can't have "fluffy" as your password anymore!). Please use a password unique to this community. Reusing passwords can expose your account indirectly when other websites (Twitter, Linkedin, Badoo, etc) are compromised; and

2) Your passwords will expire on a 365 day basis. When you login on the 366th day, you will have to change it.

We'll also be sending out an email to users to let them know about the changes, in upcoming weeks.

Thanks all,

Helena

Community Management
 
#53 ·
I'll assume because you are kinda "out there" that you probably already have one of those nonsensical passwords that they are pining for.

I think a hearty "Congratulations!" is in order.
 
#56 ·
Well, I just now got the password reset business...after the post, and after the notice was added at the top. Reset it with no trouble at all, and the email from the new provider came through instantly.

I did get emails yesterday asking for help. Wish I could have offered more. I'll check back in the morning when I'm awake to see if the requester got going.
 
#57 ·
The Registration Process of this Forum is so hosed up !!!

The Registration Process of this Forum is so hosed up !!!

Wow. I have never had such trouble with any website like this.

Some feedback:

- Neither of my other usernames (cwmoser, cwmoser-reborn) will now let me login. Maybe somebody tried to fix them - but now I can't log in anymore.
- Neither of my other usernames will allow me to reset my password - it keeps
coming back with unknown email.
- I registered this username (cwmoser-onemoretry) with a new email address to see what happens.
- Also, there is no guidance on username selection when you Register. I found the hard way you cannot use a number in your username. The web page does not tell you this. The only way I figured it out was when it continually complained that my password was not meeting the criteria.
- The phone number for the text message verification is not clear that you
must enter your area code in one box and the rest of your phone number in the other.
- The email validation part of the registration process is working now. That is a plus.

Personally, I think the developer of the software for this forum needs to
learn a little about beta testing and look at the wording presented to new
users to avoid frustration. My thinking is that some users will just give up
because the registration process is so convoluted. The Verification process
where you have to select the image of a women and move it to the "circle" sucks. This Forum is not as user friendly as it was and has gone down hill.

I'll give this attempt one more try and if it fails I'm moving on to spend time
more productively in other forums I participate in.
 
#58 ·
The Registration Process of this Forum is so hosed up !!!

Wow. I have never had such trouble with any website like this.

Some feedback:

- Neither of my other usernames (cwmoser, cwmoser-reborn) will now let me login. Maybe somebody tried to fix them - but now I can't log in anymore.
- Neither of my other usernames will allow me to reset my password - it keeps
coming back with unknown email.
- I registered this username (cwmoser-onemoretry) with a new email address to see what happens.
- Also, there is no guidance on username selection when you Register. I found the hard way you cannot use a number in your username. The web page does not tell you this. The only way I figured it out was when it continually complained that my password was not meeting the criteria.
- The phone number for the text message verification is not clear that you
must enter your area code in one box and the rest of your phone number in the other.
- The email validation part of the registration process is working now. That is a plus.

Personally, I think the developer of the software for this forum needs to
learn a little about beta testing and look at the wording presented to new
users to avoid frustration. My thinking is that some users will just give up
because the registration process is so convoluted. The Verification process
where you have to select the image of a women and move it to the "circle" sucks. This Forum is not as user friendly as it was and has gone down hill.

I'll give this attempt one more try and if it fails I'm moving on to spend time
more productively in other forums I participate in.
It's always the newbie who complains.
 
#59 ·
True. I realize now that I overreacted, and thanks Jay as you can see I'm cool. What it is, I used to live in that world, had a 4-digit cyber-lock to get in the parking lot and again to get in the door, then three different system logins with the elaborate passwords that had to be CHANGED EVERY THREE MONTHS just so I could look at the danged radar. *sigh*

And if BW was hacked what would they get besides our email which is out there already. But it is the style of the times so I forgive and move on.
 
#63 ·
Anybody else still having issues? I'm your pomegranate.

Also, since I'm in that mode, screen name changes can be done if you have regrets over your first choice, need capitalization or whatever. If you want a new name, I'd ask that you pretest it by doing an advanced search for posts by that user name to make sure it isn't taken already. I'll do likewise but if you've done your homework, I won't have to come back asking you to keep trying.
 
#66 ·
Hello everyone. Let me chime in on the whole password security thing. I'm currently studying in computer science at one of the top universities in Canada, but since this is primarily a car forum, I will try to keep my epxlanations simple.

One constant mistake I see I.T. people doing is to ask for strong passwords by means of complexity (having a whole bunch of nonsensesical special characters and randomly generated garbage that is impossible to remember) rather than asking for a strong password by means of entropy (having a long password, but one that is easy to remember for humans). Let me explain why complexity is irrelevant, and why entropy is what actually makes a strong password. For that, we need to understand the 2 methods of finding a user's correct password in order to log into his account.

The first method is called a rainbow table attack, and all you need to know about this method is that it doesn't work.

The second method is just good old bruteforcing, try combinations of letters (and numbers and special characters) until you find one that works. So why is complexity irrelevant? Because in bruteforce attacks, special characters are also tried, and while for humans it may seem impossible to guess a password with a special character, for a computer trying to bruteforce its way into an account, special characters and number aren't what's going to save it. To understand why, you only need to know very basic math, but it's all about them exponential numbers!

So, the alphabet has 26 lowercase characters, if we include the uppercase characters, we have 52 possible characters that can make up one character in your password. Now let's add the 9 digits, so we are at 61, and let's round that number up to a generous 70, to include the typically allowed special characters. Like @#$ or whatever. I'll use rather small numbers from now, just to demonstrate my point. Suppose you ask your user to have a random password of 6 characters total, that gives a total possible amount of combinations of 70 * 70 * 70 * 70 * 70 * 70, or simply 70^6 which is equal to 117649000000 combinations, and suppose the attacker could manage to try 1000 attempts per second (this seems like a large number, but given no other security measures, it could be much higher), it would take 3.73 years to guess that passowrd. Now that seems satisfactory, but like I said, it could take much less time. Now let's see what happens when you just make yourself a long but simple password, that is easy to remember. Let's say your password is: MercedesAreBetterThanBMWs which has 25 characters. The possible amount of combinations for a 25 character long, only alphabetical password, is 52^25, which is about 7.945 * 10^42 (if you haven't seen this notation before, it's called scientific notation). To bruteforce that at our previous rate of 1000 attempts per second, it would take 2.52 * 10 ^ 32 years. In other words, it will not happen. Just to give you an idea of how long that is, 1 * 10 ^ 9 is a billion years.

Simply put, stop this complexity nonsense. If a forum requires you to use a special character and a number, just put it in some really simple combination, like 3#. Make your passwords long, but easy to remember. I could name at least 5 other ways an attacker could break into an account, some of which requires the user to take special care, others require that the I.T. crew running the servers take special care. And in none of these cases does a complex password help, but in at least one of these, a long but simple password would.
 
#68 ·
Whew. I'm outta breath just reading all that.

But....until I work at the FBI, NASA, CSIS or Merck Frosst....I really don't see the need for even a complex password on an automotive forum full of old white fat guys.


:)
 
#73 ·
I may be obtuse here, but the risk of hijacking someone's account is what?
- posting stupid stuff
- using the account of someone with an apparently good reputation to scam another forum member?

I'm not sure I see the major risks. It's not as if we Store out bank account information in out Benzworld accounts.

I wonder how long it will take me to forget the new password with special characters in it.
 
#77 ·
I may be obtuse here, but the risk of hijacking someone's account is what?
- posting stupid stuff
- using the account of someone with an apparently good reputation to scam another forum member?

I'm not sure I see the major risks. It's not as if we Store out bank account information in out Benzworld accounts.
You need to look at the big picture...Benzworld is a very small piece of the pie.

Hacker steals 45 million accounts from hundreds of car, tech, sports forums | ZDNet
 
#74 ·
I'm back. Kinda shell shocked at what happened.
Still some quirks like cannot go to user profile and change my defunct email address,
and that the selection to display the "Classic" view only seems to work if you are within
a topic conversation.

I have to thank Digmenow for manually setting my password and getting my account working.
 
#75 ·
I'm back. Kinda shell shocked at what happened.
Still some quirks like cannot go to user profile and change my defunct email address,
and that the selection to display the "Classic" view only seems to work if you are within
a topic conversation.

I have to thank Digmenow for manually setting my password and getting my account working.
As my Benzworld mentor used to say, "we fix'em up". You're welcome.
 
#83 ·
I used the "forgot password" routine as instructed. Don't think the new password provided was any better than my old one, but I switched to it anyway. I let Chrome memorize it for me, so now I'll be SOL trying to log on on any computer other than my desktop.
Oh, and now that annoying verification thing has vanished.
 
#84 ·
I tried that as well as the contact link to no avail... I never received the emails, (correct address and not in spam filter) and finally opened a new account to use pm to get assistance...

So many opportunities for smart-ass posts missed!
 
#85 ·
Four days and eleven emails to the system and I finally got a response with a new temporary password allowing me to reset. It would appear that an explanation is due the members as to the necessity for this drastic change and the less than professional manner in which it was executed. Was BenzWorld trying to emulate MBCA's foot-shooting website revamping from which they may never recover?
 
#87 ·
I had the problem fixed about an hour after it first showed up. I thought!

Today I received an email with another temporary password and had to go through shemozzle again.

Probably because I tried several times initially without getting the email.

Whatever, kind of a big mess. Must be a Canadian thing :)
 
This is an older thread, you may not receive a response, and could be reviving an old thread. Please consider creating a new thread.
Top