Active discussions

Meet the Other Phone. A phone that grows with your child.

Meet the Other Phone.
A phone that grows with your child.

Buy now

Please or to access all these features

Talk

Back to thread
MNHQ

PLEASE READ: Forced logout and password reset

22 replies

SarahMumsnet · 19/08/2015 22:12

Hello everyone,

Our apologies again for the stress and upset of the last week, and in particular the last 24 hours - and thanks for your patience and support in helping us deal with it.

Thanks to everyone who’s raised concerns about the strength of passwords on Mumsnet. We’ve now built new code which will oblige anyone logging in to create a new, complex password that conforms to higher security standards.

In the next hour, we’re going to force all users to be logged out. Then we'll change all users' passwords so they MUST reset their password to log back in. To make absolutely certain that everyone has a new, secure password, you’ll be logged out even if you’ve already changed your password in the last two days.

We’re sorry that this is the second mass password-reset in the space of a couple of days, but now we have code in place to strengthen security, we want to implement it as soon as possible.

Please don’t worry when you’re logged out: it’s MNHQ, not the hacker, behind it.

Thanks again
MNHQ

Go to post
MNHQ

RebeccaMumsnet · 19/08/2015 23:02

You should have all been kicked out. If you have not, please log out and you will have to reset.

MNHQ

KateMumsnet · 20/08/2015 08:54

Hello all and really sorry about the lack of instructions for choosing a new password. Tech were somewhat under the cosh last night - the error message on the desktop site let's you know what's required, but the mobile site version doesn't.

The standards for new, strong passwords are:

10 characters or more
A mix of letters and at least one symbol or number
It must be a brand new password, and not one you've used previously

MNHQ

KateMumsnet · 20/08/2015 09:20

Hello again - we're looking into why some of you mightn't have been booted out and forced to set a new robust password right now - thanks very much for letting us know.

The 'can't use an old password' rule only applies only to the last two that you've used.

So if you've used a password that's older than the last two passwords you chose, AND it coincidentally meets the new, robust password standards (more than ten characters, a mix of letters and at least one symbol or number), it will have been accepted and able to log in.

If you've been allowed to reset your password to one that either
a. doesn't meet the new security standards
b. Is one of the two old passwords you used most recently

could you possibly email [email protected] with details, and they'll look into it as soon as possible?

And THANK YOU for your patience.

MNHQ

KateMumsnet · 20/08/2015 09:21

@JustMeOverHere

Having read KateMumsnet's message above it would help if the password criteria was actually on the password change page Hmm

Agreed, JustMe, and apologies - this should be being updated as soon as possible.

MNHQ

KateMumsnet · 20/08/2015 10:32

@ThisNameIsBetterThanMyRealOne

Is there any reason this is not stickied?

Ach, sorry ThisName - we've done that now on Active and Chat.

MNHQ

KateMumsnet · 20/08/2015 10:36

And just to let you know, JustineMumsnet has posted an update on the 'technical details' thread over here.

Here's a c&p for convenience:

"Morning all,

Here's an update of where we are at. The tech team found the hole which was accessed to capture user login data via phishing and patched it yesterday pm. Then, as you probably know, we forced another password update requiring higher-security passwords last night (once we'd rebutted a further DDoS attack).

We are undergoing full security testing by external experts over the next few days to determine if there are any other weaknesses which might be exploited. We'll update you when that process is completed.

Many thanks for your patience and understanding. The best advice remains to update your password here and any passwords used on other sites that are the same as ones you've used on Mumsnet before yesterday.

We're really sorry for the extra bother any anxiety caused."

MNHQ

RebeccaMumsnet · 20/08/2015 10:54

@magimedi

I would like to know WHY SOME OF US HAVE NOT BEEN KICKED OUT AND CAN STILL USE OLD PASSWORDS - Please.

Hi magimedi,

Everyone should have been kicked out. Tech are looking into now.
Please do reset, you shouldn't be able to log in again with your old password at all, if this has happened and you have logged out and back in again, let us know.

MNHQ

RebeccaMumsnet · 20/08/2015 11:01

@0pheliaBalls

Still not had a forced reset.

How do I go about getting my posting history deleted? I appreciate it's not MN's fault and that you're doing everything you can to sort this, but I think those who want their posts deleted should have that option.

Flowers to all of you working to sort out this nightmare.

if you email [email protected], we will take a look.

We have a team working on that now but the inbox is rather full so it may take a little while for us to get back to you. Apologies and thanks.

MNHQ

RebeccaMumsnet · 20/08/2015 12:32

@mejon

Bloody blinkin flip! I've just had to log in via FB as I had no other way of doing it. I can no longer access my bloody emails as I may have inadvertently changed the password but it's not recognising anything I input so I can't receive or send any. I was logged out last night at around 22.30 but decided to wait until this morning to try and get back in and assumed that when I did there'd be the choose a new password option but it's only giving me one box and the one I changed to yesterday afternoon isn't being recognised. Has everyone been sent an email with a link to reset passwords? Here is my blimmin problem as I can't get my blimming emails as I've changed my blimmin password and I can't remember what it blimmin is.

We're glad you managed to get back in mejon. Hopefully you will be able to reset your password with your email provider too.

MNHQ

RebeccaMumsnet · 20/08/2015 13:16

@PolkadotsAndMoonbeams

I've been successfully kicked off, changed password and come back.

But now on my mobile the blue bar across the bottom with watched/I'm on etc has vanished. Has this happened to anybody else? I'm definitely logged in (I'm posting from it now!).

Hi PolkadotsAndMoonbeams,

Would you mind starting another site stuff thread for this, it could be an unrelated issue with the mobile site. If you could post with what device and browser you are on, this would help. Thank you.

MNHQ

RebeccaMumsnet · 20/08/2015 13:18

@faustina

I'm still finding myself logged out each time I visit the site (and it wasn't me who logged myself out). I check each time that the login page is https and it is but how come I'm always logged out? It's happened three times today

I was on the list and have changed my password three times already.

Hi faustina,

What device is this on and have you been able to log back in with your new reset password since the reset or are you asked for a new password every time?

MNHQ

RebeccaMumsnet · 20/08/2015 13:33

@faustina

Rebecca - I'm on my laptop. It accepts my new reset (as of this morning) password each time

What browser please faustina? Firefox, Safari ?

And at what point do you get logged out? mid-session or when idle?

MNHQ

BeccaMumsnet · 20/08/2015 16:41

@MeAndTheMajor

Can I double check something? I was forcibly logged out last night and as I was on the app, decided to wait until I got on a computer today to change my password. I done it but want to check I've followed the right process - was I meant to just request a password reset and then click on the link in the resulting email from [email protected] to do it?

Sorry if this has been explained somewhere - I've read lots of threads and can't find the answer. My suspicious mind is now in overdrive and I want to check I've followed the right procedure.

Hi MeAndTheMajor - yes that's exactly right. Do let us know if you have any trouble.

MNHQ

BeccaMumsnet · 20/08/2015 16:46

@camperdine

I have still not had a forced reset.

Hi camperdine - we'd suggest changing your password yourself on your account, even if you haven't been forced a reset.

MNHQ

BeccaMumsnet · 20/08/2015 16:51

@shopafrolic

RebeccaMumsnet sorry - me again. I have now been logged off the site, but when I go to look back in it is not asking me to reset my password......I know you said to do it anyway. Do I click on the link for I have forgotten my password? In other news DadSec have tweeted that their domain has been suspended - but that they have "more shit coming"

Hi shopafrolic - you can either click on forgotten my password or follow this link. Shout if you have any trouble.

MNHQ

BeccaMumsnet · 20/08/2015 16:55

@faustina

I'm using Safari, and I think it logged me out when I was idle (although it's been idle since I last posted on here and I don't seem to have been logged out this time

Hi faustina - it may be because you had been idle for a certain amount of time. Hopefully you won't have any further trouble, but if you do, please do let us know and we'll have a look.

MNHQ

BeccaMumsnet · 20/08/2015 17:22

@DixieNormas

I've just been chucked out again but when it asked for password reset it didn't have the warning thingy that's been coming up and it was green instead of the yellow it's been the last few times?

I had another window open and it's let me back on without resetting my password

Hi DixieNormas - we've let Tech know about this and they're looking into things, but they do think it's all fine.

MNHQ

BeccaMumsnet · 20/08/2015 17:25

@shopafrolic

Thanks BeccaMumsnet Flowers Cake [tea] nearly Wine time surely?

Hi shopafrolic - where's the Gin smiley?!

MNHQ

BeccaMumsnet · 20/08/2015 17:27

@DixieNormas

I didn't bother password changing a giant and it's let me back on anyway

Hi again DixieNormas - we would recommend changing your password if you haven't done so today. We'll look into why you're being logged off.

MNHQ

BeccaMumsnet · 20/08/2015 17:29

@magimedi

I've done a reset by asking for the email link. And have logged in with new password.

There is no longer the yellow triangle warning on the log in page, but the yrl was OK

Hi magimedi - we've let Tech know about this and they're having a look, but they do think this is fine.

MNHQ

KateSMumsnet · 20/08/2015 17:47

@Pullingpants

It's still logging me in, only via FB, with an old user name. All my history is gone! Despite me resetting the password about twice, it doesn't recognise it.

Hullo Pulling - what do you mean by all your history is gone? Do you mean your past posts?

MNHQ

KateSMumsnet · 20/08/2015 18:03

@ZingDramaQueenOfSheeba

nooooooo, not bug hugs!Blush Grin BIG hugs!!!!

No bug hugs?

PLEASE READ: Forced logout and password reset
Watch this thread for updates

Tap "Watch" to get all the latest updates

End of posts

There are no more MNHQ posts on this thread

Back to thread