Enjoy unlimited access to all forum features for FREE! Optional upgrade available for extra perks.
Daily Diamond

security update

Status
Not open for further replies.
TheNightfly

TheNightfly

Joined
Sep 10, 2005
Posts
98
Reaction score
1
"As part of a security update, NameDrive has changed the password for
your login to access our system.

From now on, we will require you to change your passwords every 90 days
as part of good security practices.

To gain access to your account and to retrieve your new password, please
click the following link.

Send Password

The new password will be sent to the email you use to login to NameDrive."

Ok good stuff & overdue . . . . but how long do I have to wait to receive the email ? - it's now a good 30 mins and counting


Mark
 
Domain Summit 2024
Hi Mark,

The mails are sent immediately. I suggest you check your spam filter. If it is not there, PM me and I will send it to your email.

Ed
 
From now on, we will require you to change your passwords every 90 days
as part of good security practices.
Click to expand...

Nope, i'd disagree! all it ends up being is password1 then 2 then 3 then 4 and so on.

My password at work changes every month, what a farce!!
 
Mally, if NameDrive change your password, it will always be completely randomised.

If a user changes their own name, it is up to them to choose something secure.

I, for one, know from services that I use that it may sometimes be irritating to have to change your password, however, I am aware that some ND users have not changed their NameDrive passwords for the 3.5 years that their accounts have been active.

Even changing it minimally by adding one or two numbers to the end is more secure than keeping the same password for ever.

I hope this explains our actions.

Ed
 
This is just an annoyance.

I've had the same password on Namedrive for years. It's ten mixed characters, I use it nowhere else and it's not written down.
What's the advantage to changing it? And why do Namedrive feel the need to force me.
 
I find it hard to believe that ppl are complaining about having to change their password :confused:

Just because you have had no problems with a password that you've kept the same for years doesn't render it bullet proof - It is a good and sensible practice to change it every so often. You'd be the first to complain if someone compromised your account through PW guessing or such.

Well done to ND for upping the security policy of the site (and it's users).

Fish
 
fish said:
Just because you have had no problems with a password that you've kept the same for years doesn't render it bullet proof - It is a good and sensible practice to change it every so often.
Click to expand...

That didn't answer the question, why is it sensible practice?

Why is a new password more secure than the old one?
 
FC Domains said:
That didn't answer the question, why is it sensible practice?

Why is a new password more secure than the old one?
Click to expand...

Quite simply, in case your password has been compromised either through external sources or internal abuse by employees
 
fish said:
Quite simply, in case your password has been compromised either through external sources or internal abuse by employees
Click to expand...

If the password is compromised, what difference does it make if it was recently changed?

There seems no logic to it.
 
FC Domains said:
If the password is compromised, what difference does it make if it was recently changed?

There seems no logic to it.
Click to expand...

For example, someone had your password and they were sitting on it to utilise at a later date, meanwhile you change it thus rendering the (old) password useless.

Like with ID theft, card cloning, account jacking etc you ususally only know about it when something goes wrong. There is no infalible remedy of keeping security 100% tight. It makes sense however not to make it easy for anyone who has nefarious intent.

Fish
 
vizzy said:
Hope NameDrive wasn't hacked.

And there is no e-mail for me either.
Click to expand...

It's reported in the news that Namedrive suffered a password exposure hack for 1% of its users, hence the new measures and enforced password change.
 
NameDriver said:
Mally, if NameDrive change your password, it will always be completely randomised.

If a user changes their own name, it is up to them to choose something secure.

I, for one, know from services that I use that it may sometimes be irritating to have to change your password, however, I am aware that some ND users have not changed their NameDrive passwords for the 3.5 years that their accounts have been active.

Even changing it minimally by adding one or two numbers to the end is more secure than keeping the same password for ever.

I hope this explains our actions.

Ed
Click to expand...

this realy is a poor show, no mention of account details being leaked then. The least you can do for customers is be upfront about an issue rather than try to gloss over the reason for the change
 
All such sites should have "You last accessed this account.. (date and time).", and then the legitimate account holder might then know if someone hacked/ cracked in.
 
jwm, I wasn't glossing over the matter. In fact, I had already one hour previously to this post posted on DNForum that we have had notice of a security issue and have taken swift action to close the issue.

My post to Mally was a reaction to his specific point.

We have always been upfront about any issues we have ever encountered on ND and are not going to start trying to brush things under the carpet now.

Any accounts we believe to have been affected were contacted directly by mail.

Ed

As to argonaut's comments. We are looking at such measures, both for users and for ourselves to monitor. However, I feel that if someone has accessed your account, then informing you of the fact is probably already too late, so we ensure it never gets to this point in the first place.
 
Perhaps account holders should register an ip address (or several) for account access, and if another ip is detected the system then sends an email alert to the account holder.
 
Yes, we were thinking of something along those lines as well with a fixed IP for logging in.

Ed
 
Status
Not open for further replies.

Similar threads

Helmuts
Tutorial for all attendees: Register with the Mobile App to be able to contact other attendees
Replies
0
Views
269
Helmuts
Helmuts
Acorn Newsbot
Nominet Update: Articles of Association
Replies
1
Views
264
cloud
C
Acorn Newsbot
Nominet Unveiling a new era of cyber security collaboration across Europe
Replies
0
Views
178
Acorn Newsbot
Acorn Newsbot
Acorn Newsbot
Nominet Company Resolutions
Replies
0
Views
148
Acorn Newsbot
Acorn Newsbot
Systreg
Moving a WP site to new host?
2
Replies
23
Views
1K
Helmuts
Helmuts

The Rule #1

Do not insult any other member. Be polite and do business. Thank you!

Members online

Total: 927 (members: 17, guests: 910)

Featured Services

Sedo - it.com Premiums

IT.com

Premium Members

AucDom
UKBackorder
Register for the auction

Latest Comments

Spread the Word!

Acorn Domains Merch
MariaBuy Marketplace

New Threads

Domain Forum Friends

Other domain-related communities we can recommend.

Our Mods' Businesses

Perfect
Service
Laskos
*the exceptional businesses of our esteemed moderators
Top Bottom