PLEASE READ: Forced logout and password reset

[SarahMumsnet]

Hello everyone,

Our apologies again for the stress and upset of the last week, and in particular the last 24 hours - and thanks for your patience and support in helping us deal with it.

Thanks to everyone who’s raised concerns about the strength of passwords on Mumsnet. We’ve now built new code which will oblige anyone logging in to create a new, complex password that conforms to higher security standards.

In the next hour, we’re going to force all users to be logged out. Then we'll change all users' passwords so they MUST reset their password to log back in. To make absolutely certain that everyone has a new, secure password, you’ll be logged out even if you’ve already changed your password in the last two days.

We’re sorry that this is the second mass password-reset in the space of a couple of days, but now we have code in place to strengthen security, we want to implement it as soon as possible.

Please don’t worry when you’re logged out: it’s MNHQ, not the hacker, behind it.

Thanks again
MNHQ

@VeganCow

With respect, most people cannot manage passwords correctly...

I would suggest you look into it before making sweeping statements.

PaulMoore there is no respect for your spam.

Now off you fuck cuntychops.

Piss off paul.

Most people? People I know can manage passwords perfectly well. And if they were to have a problem, the answer to that problem, along with many, many FREE tools is easy to come by via a google search. Nobody needs to pay a penny.

MNHQ

Have just has to change password to conform with new complex standards, however, the site does not tell you what the standards are! Just says 'unable to change password due to:' and then nothing.

I had to guess what the new standards were. (Caps and at least 2 numbers.. I think). Please sort this!

I just created my longest, most complicated and most random password ever. I'm quite proud of it really...

Well fucking said Moving. I've been thinking it all day tbh,people whining about resetting a fucking password and crying because the hackers might have their bank details and the size of their knickers from PMs . Do people not understand the Internet? Do people not realise that if MN could reset the servers and fix this they fucking would?

Ducky the criteria was:

Password must be between 10-40 characters and include a combination of letters and at least one number or symbol. It must not be a password you have previously used

40 characters?? Who would choose one that long?!

I was told, ducky - although after I'd failed the first time. I seem to remember the text coming up to let me know then.

I sat there with a huge pile of old newspapers, and used the cryptic crossword clues as a starting point.

It was quite good fun seeing how much I could randomise them into passwords.

TakeMe

...Do people not understand the Internet? Do people not realise that if MN could reset the servers and fix this they fucking would?...

I suspect the answer to both of your questions is 'Probably Not'. (For many/most people that is.)

Some lovely people on here tonight.

Sigh.

I was logged off have reset again but I have now log back on to find if lost my 1000 post per page

Here mnhq

No Paul, just straight talking people who dont need someone like you peddling shit. You have tried, and failed, to take advantage of the situation. People are not interested in what you have to say.

I have changed my password several times in the last 24 hours. The one thing I wasn't able to change was the email address saved on my account. After receiving the email from MN on the new address and confirming it on the site, I land on an error page . This one
Did this happen to anyone else?
And YES I was on the list with my old (beloved) username

I tried to change my email address twice, Aussie. The second time I got a confirmation pop-up. But when I logged back out and in again (using the same 9 letter no number no character password that I changed to earlier) it is still showing as my original email address in 'my account'... Am I being dim? I am assuming I haven't been in the roll-out for the forced password re-set yet, and not too worried about that (the original man email warning me has yet to arrive, although I have had the confirmation email that I was on the list - no particular biggie as I was on the first thread last night and knew my name was on the list.)
I'm not sure if the change email function is down at the mo?

Those of you using iPhone- I don't claim to be an expert- but there is an option for blocking cookies on Iphone safari settings Go to Safari- Block Cookies- Always block. I'VE turn my do not track on too. Sorry about the garbled message- i've just spilt Dr Pepper into my keyboard and its broken my delete and enterkeys

When you say there's a new requirement for password security - what is it? I was just told to enter a new password & did so successfully, but not once was I told if it needed to be X characters or contain X uppercase characters or X numbers.

Yeah madwoman same happened to me too. Solution: new email address, new account, new password, all extremely boring for any potential hackers.

Ah. Apols. Have just RTFT. But also echoing others in that the site is not telling people what the secure password parameters are. Also, a huge majority of the leaked passwords would have passed the criteria for the new and improved password security check.

I am unable to change my email too. Have tried several times.

I am not sure the MNHQ is aware of the email problems, so I will report some of these posts and mine, so it can be addressed

I tried to change my password 3 times yesterday - didn't work.The site refused to accept them.I've been forced to do a complete new registration,new email,new everything.

Mission accomplished. So sorry for those who have been targeted by these wankers.

getoff are you sure they were complex enough? You wouldn't have been aware of the necessary parameters by the looks of things. Or could you set up a new account with one of those passwords but not your existing account?