Due to a security breach we are resetting all passwords across Mumsnet

[RebeccaMumsnet]

Following the recent security breach related to Heartbleed we are reseting the passwords of all users.

On Saturday 12 April, we will remove all passwords from our system and to use the site, you'll need to reset your password by clicking on the password reset link.

Type in your email address and click the 'Request reset' button and you will receive a mail to your Mumsnet registered email account. (You will need to click on the link in the mail within 30 minutes of receiving it, without changing the device you're using i.e swapping from phone to laptop, or you'll need to request a further reset).

If you do not receive a mail, please check you spam folder. The password reset mail will come to the email you used when you first registered with Mumsnet.

If you don't receive or can't access your reset mail, please [email protected] for help.

We are very sorry for all the fuss. We want to assure you that we followed all the published steps to protect members' security as soon as we became aware of the heartbleed security risk, but it seems that the breach occurred prior to that risk becoming known.

Most importantly, if you use the same password here as elsewhere, we strongly recommend you change your password on the other sites too.

Thanks,

Justine & the MNHQ team

[RStallman]

It doesn't matter how complex the password is when it gets leaked in plaintext or obtained via keylogger. There were plenty of people running WPA with 64 character long passwords who were surprised by the WPS sidechannel attack, which rendered password strength useless. Having one password to act as a skeleton key to open all doors could be very dangerous in the wrong situation. And I won't even start at how ridiculous recommending closed source encryption software is.

It is too late for this conversation, you can continue it without me. My bed calls.

[confuddledDOTcom]

I like what RoM does (not a player but know people who do) they have an onscreen keyboard and recommend you use a combo of keystrokes and clicking the onscreen keys to enter your password.

Also like my Blizz authenticator.

Some of my gamer friends type their password in wrong and then use the mouse to correct it so psswrd and you click back to make it Password1. Helps with keylogging at least.

[Heartbleed]

I did suggest KeePassX as an opensource alternative. But I guess you have a point.

So we will use KeePassX for now. Firstly the password you use as your key for the database file will not be stored in plain text. It will be hashed and salted and only the hash sum with the salt will be stored and used to check if the password you enter is correct.

As for keyloggers. On the physical side just make sure that you have good physical security on your home and drros which lead to your computer. If you are feeling really causious, check all ports for any keyloggers before you boot up. As for software keyloggers, ensure that your OS is upto date, and that any ant-virus/malware programs you have are always kept up to date and you do regular scans.

The encryption that programs such as KeePass use has been vetted by cryptographers and hs proven to be strong.

But on a note about LastPass. Here is a goof page about it along with a great video by a HIGHLY rewnowned security expert talking about LastPass: blog.lastpass.com/2010/07/lastpass-gets-green-light-from-security.html

[Heartbleed]

doors*

[Heartbleed]

On anouther note, you can also enable 2-factor authentication for LastPass.

[noblegiraffe]

Is RStallman the real hacker?


Hmmm, what do you think of GLC?

[Heartbleed]

Just because someone knows about netsec and cryptography doesn't mean that they are the hacker.

[flow4]

Blimey. Am I the only person thinking that I might've understood more of the last few posts if they'd been written in Latin?! It makes me realise how little I know about techie stuff.

I'm only just back in. I registered using an email account I no longer have access to, so I have had to prove my identity and offer up the blood of my first-born to be allowed back. Saturday to Thursday without MN. I'm still reeling!

[VeryStressedMum]

Why does my reset email take so long to come through? I'm still logged in on my phone, hence i can post, but forced log out on kindle and laptop. But i got the reset email about 5 hours after i requested it when i was asleep and it expired. And it happened again. it's annoying cos it's a different email account and i don't get notification so i have to keep checking.
even though I'm logged in on my phone it's too small i can't see it!!

[flow4]

Hmm, I wonder why it hasn't logged you out Very...? All cookies were reset and all passwords were disabled. It kicked me out, and I'm on my phone too...

[sunbathe]

Thanks for helping me to reset mine.

[VeryStressedMum]

Definitely hasn't logged me out of my phone, but still no reset email its been over 2 hours now and before it was 5 hours after i requested it. No idea why i haven't been logged out on my phone. Just a few days before mumsnet asked us to change the passwords i noticed I was logged out when i hadn't logged myself out so i logged back in using my usual password, this happened twice.
I'd really like my reset email mnhq??????

[DawnMumsnet]

@VeryStressedMum

Definitely hasn't logged me out of my phone, but still no reset email its been over 2 hours now and before it was 5 hours after i requested it. No idea why i haven't been logged out on my phone. Just a few days before mumsnet asked us to change the passwords i noticed I was logged out when i hadn't logged myself out so i logged back in using my usual password, this happened twice.
I'd really like my reset email mnhq??????

Hi VeryStressedMum

Sorry for all the faff - just letting you know that we've mailed you a fresh password reset link now. Please email [email protected] if you don't receive it, we're determined to sort this out for you!

[StampedLetter]

I have changed my password on the iPad. Logged in and out and all ok, but it cannot connect using that password and new email address on my phone? Help please? :)

[roeddwnibwytadyllysiau]

I got fed up trying to reset my password - it wouldn't let me do it on any of the links I was sent so I have rejoined with another email address and a new name (welshies will know who I was) Can I merge accounts or how to I get my english name back?

[IrenaDubrovna]

.

[StampedLetter]

Ok I have now just logged in on the PC so my account is definitely working. It is just my phone. Anyone have any ideas?

[BubbleSausageTheSecond]

I couldn't get the reset to work, kept saying the link had expired, tried about 20 times so I've re registered.

[maloofysmum]

Hi, I have received two emails from Mumsnet in the last 24 hours saying I've asked for a password reset. I haven't requested either so wondered if something was wrong? I changed my password after the reset last weekend. Do you think I should change it again?

[DiaryOfAWimpyMum]

I have my old nick name back again, thanks MNHQ.

[OhYouBadBadKitten]

maloofy I'd report your post if I were you to check that your account hasnt been compromised.

[brittanyfairies]

I had to give up on the password reset, been trying for over a week and never received the reset email no matter how many times I tried. When I clicked on the contact@mn email they just told me to keep trying. I've just reregistered in the end, I'm going to miss my old name.

[Alidoll]

AOL has also been targeted over the weekend by hackers - especially those with older accounts. Email sent out called "NEWS" to all in contact list and then spoof emails even after password changed. AOL being tight lipped about it but affecting a LOT of aol accounts.

DO NOT OPEN ANY EMAILS CALLED "NEWS" FROM AOL MEMBERS IF SENT TO YOU - DELETE IMMEDIATELY.

[ClothesFlowingInTheWind]

How do you know all of this if AOL are not admitting to it?

[maloofysmum]

Thanks Bad Kitten I'll do that. I haven't had any today, might change my password again today just in case.