20i Domains

security update

Discussion in 'NameDrive' started by TheNightfly, Feb 4, 2009.

Thread Status:
Not open for further replies.
  1. TheNightfly United Kingdom

    TheNightfly Active Member

    Joined:
    Sep 2005
    Posts:
    99
    Likes Received:
    1
    "As part of a security update, NameDrive has changed the password for
    your login to access our system.

    From now on, we will require you to change your passwords every 90 days
    as part of good security practices.

    To gain access to your account and to retrieve your new password, please
    click the following link.

    Send Password

    The new password will be sent to the email you use to login to NameDrive
    ."

    Ok good stuff & overdue . . . . but how long do I have to wait to receive the email ? - it's now a good 30 mins and counting


    Mark
     
  2. Domain Forum

    Acorn Domains Elite Member

    Joined:
    1999
    Messages:
    Many
    Likes Received:
    Lots
    articles.co.uk
     
  3. NameDriver

    NameDriver NameDrive Staff

    Joined:
    Aug 2005
    Posts:
    717
    Likes Received:
    8
    Hi Mark,

    The mails are sent immediately. I suggest you check your spam filter. If it is not there, PM me and I will send it to your email.

    Ed
     
  4. TheNightfly United Kingdom

    TheNightfly Active Member

    Joined:
    Sep 2005
    Posts:
    99
    Likes Received:
    1
    Hi Ed

    Thanks for your prompt & courteous PM

    Mark
     
  5. mally United Kingdom

    mally Well-Known Member

    Joined:
    Mar 2006
    Posts:
    2,274
    Likes Received:
    22
    Nope, i'd disagree! all it ends up being is password1 then 2 then 3 then 4 and so on.

    My password at work changes every month, what a farce!!
     
  6. NameDriver

    NameDriver NameDrive Staff

    Joined:
    Aug 2005
    Posts:
    717
    Likes Received:
    8
    Mally, if NameDrive change your password, it will always be completely randomised.

    If a user changes their own name, it is up to them to choose something secure.

    I, for one, know from services that I use that it may sometimes be irritating to have to change your password, however, I am aware that some ND users have not changed their NameDrive passwords for the 3.5 years that their accounts have been active.

    Even changing it minimally by adding one or two numbers to the end is more secure than keeping the same password for ever.

    I hope this explains our actions.

    Ed
     
  7. retired_member9

    retired_member9 Retired Member

    Joined:
    Aug 2005
    Posts:
    519
    Likes Received:
    8
    Hope NameDrive wasn't hacked.

    And there is no e-mail for me either.
     
  8. FC Domains

    FC Domains Well-Known Member

    Joined:
    Mar 2005
    Posts:
    1,072
    Likes Received:
    13
    This is just an annoyance.

    I've had the same password on Namedrive for years. It's ten mixed characters, I use it nowhere else and it's not written down.
    What's the advantage to changing it? And why do Namedrive feel the need to force me.
     
  9. fish United Kingdom

    fish Well-Known Member

    Joined:
    Nov 2006
    Posts:
    2,725
    Likes Received:
    27
    I find it hard to believe that ppl are complaining about having to change their password :confused:

    Just because you have had no problems with a password that you've kept the same for years doesn't render it bullet proof - It is a good and sensible practice to change it every so often. You'd be the first to complain if someone compromised your account through PW guessing or such.

    Well done to ND for upping the security policy of the site (and it's users).

    Fish
     
  10. FC Domains

    FC Domains Well-Known Member

    Joined:
    Mar 2005
    Posts:
    1,072
    Likes Received:
    13
    That didn't answer the question, why is it sensible practice?

    Why is a new password more secure than the old one?
     
  11. fish United Kingdom

    fish Well-Known Member

    Joined:
    Nov 2006
    Posts:
    2,725
    Likes Received:
    27
    Quite simply, in case your password has been compromised either through external sources or internal abuse by employees
     
  12. FC Domains

    FC Domains Well-Known Member

    Joined:
    Mar 2005
    Posts:
    1,072
    Likes Received:
    13
    If the password is compromised, what difference does it make if it was recently changed?

    There seems no logic to it.
     
  13. fish United Kingdom

    fish Well-Known Member

    Joined:
    Nov 2006
    Posts:
    2,725
    Likes Received:
    27
    For example, someone had your password and they were sitting on it to utilise at a later date, meanwhile you change it thus rendering the (old) password useless.

    Like with ID theft, card cloning, account jacking etc you ususally only know about it when something goes wrong. There is no infalible remedy of keeping security 100% tight. It makes sense however not to make it easy for anyone who has nefarious intent.

    Fish
     
  14. Admin

    Admin Administrator Staff Member

    Joined:
    Jun 2004
    Posts:
    10,944
    Likes Received:
    363
    It's reported in the news that Namedrive suffered a password exposure hack for 1% of its users, hence the new measures and enforced password change.
     
  15. jwm United Kingdom

    jwm Active Member

    Joined:
    Apr 2007
    Posts:
    407
    Likes Received:
    5
    this realy is a poor show, no mention of account details being leaked then. The least you can do for customers is be upfront about an issue rather than try to gloss over the reason for the change
     
  16. retired_member11

    retired_member11 Retired Member

    Joined:
    Mar 2005
    Posts:
    972
    Likes Received:
    4
    All such sites should have "You last accessed this account.. (date and time).", and then the legitimate account holder might then know if someone hacked/ cracked in.
     
  17. NameDriver

    NameDriver NameDrive Staff

    Joined:
    Aug 2005
    Posts:
    717
    Likes Received:
    8
    jwm, I wasn't glossing over the matter. In fact, I had already one hour previously to this post posted on DNForum that we have had notice of a security issue and have taken swift action to close the issue.

    My post to Mally was a reaction to his specific point.

    We have always been upfront about any issues we have ever encountered on ND and are not going to start trying to brush things under the carpet now.

    Any accounts we believe to have been affected were contacted directly by mail.

    Ed

    As to argonaut's comments. We are looking at such measures, both for users and for ourselves to monitor. However, I feel that if someone has accessed your account, then informing you of the fact is probably already too late, so we ensure it never gets to this point in the first place.
     
  18. retired_member11

    retired_member11 Retired Member

    Joined:
    Mar 2005
    Posts:
    972
    Likes Received:
    4
    Perhaps account holders should register an ip address (or several) for account access, and if another ip is detected the system then sends an email alert to the account holder.
     
  19. NameDriver

    NameDriver NameDrive Staff

    Joined:
    Aug 2005
    Posts:
    717
    Likes Received:
    8
    Yes, we were thinking of something along those lines as well with a fixed IP for logging in.

    Ed
     
  20. retired_member11

    retired_member11 Retired Member

    Joined:
    Mar 2005
    Posts:
    972
    Likes Received:
    4
    Great minds think alike........:)
     
Thread Status:
Not open for further replies.