Oooops... We have reset your passwords

Forums › Geekzone › Oooops... We have reset your passwords

1 | 2 | 3 | 4 | 5 | 6

4 posts

Wannabe Geek
Inactive user

#774733 5-Mar-2013 07:42

Did the same thing to me, I put my user name in and hit send and it said it did not recoginize my user name so I put in my email address and it sent the link to my email along with my user name so I went bck to the site and tried my user name again and same thing said it did not recoginize my user name. I went back clicked the link changed my password and everthing worked fine.

timmmay

20574 posts

Uber Geek

Trusted

Lifetime subscriber

#774734 5-Mar-2013 07:42

sqlpro:atleast in this case, if all passwords are reset , how its going to re-authenticate before allowing new password?

You'd have to reauthenticate based on another token, or use the email address to reset passwords.

kenkeniff

628 posts

Ultimate Geek

#774735 5-Mar-2013 07:45

freitasm:
kenkeniff:
muppet: I'm curious - from a technical point of view, what did you do to the database to reset everyone's password?

freitasm:
Technically? I was going to update one password but instead typed the command and pressed the EXEC button before finishing up the WHERE clause. That's not very technical...

I think he was asking did you;

a) NULL everyone's password so no-one should be able to log on?
b) Replace everyone's password with an identical HASH, in which case everyone could log on with the same password (if they knew what it was)?
or c) Replace everyone's password with a plain-text string (in which case you're storing plain-text passwords)?

a) NULL password

As for c) if I had stored a plain-text string then no one would be able to login either since the password is hashed and the likelihood of an English word matching a hash is pretty low...

Thanks for the clarification

freitasm

BDFL - Memuneh
79250 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#774741 5-Mar-2013 08:00

Having said that... Looking at this now I should really just had put Geekzone on maintenance mode, restore the database and applied all logs to five minutes before the update.

This would be easier for everyone... Sorry again :)

I have updated the login page to accept either username or email in the reset field, and have changed the text. Also added labels to the reset page as someone here suggested it was hard to see both fields.

So in all some good changes.

And yes, I did get abused by a few people. People who join to enter competitions trying to score some freebies then call you names if you email them. Oh well.

jevvv

some call me @jevvv
658 posts

Ultimate Geek

Retired Mod

ID Verified

Trusted

Lifetime subscriber

#774743 5-Mar-2013 08:03

Got the email, then couldn't see the wood for the trees - finally saw the New Password box

It's probably not a bad idea for us to redo the password occasionally anyway ;)

<- don't ask me where I am - I haven't a clue: its a tech thing ;)
Housewife computerer: not particularly great at either.
And don't take me too seriously.

StarBlazer

961 posts

Ultimate Geek

Trusted

#774744 5-Mar-2013 08:04

Not to worry Mauricio, it shows that you are human - like most of us.

Those who never make mistakes are just better at finding someone to blame!

Procrastination eventually pays off.

aim

247 posts

Master Geek

#774750 5-Mar-2013 08:22

As a sys admin, I find this amusing :P

Equinox IT

Cloud spending continues to surge globally, but most organisations haven’t made the changes necessary to maximise the value and cost-efficiency benefits of their cloud investments. Download the whitepaper From Overspend to Advantage now.

Klipspringer

2385 posts

Uber Geek
Inactive user

#774752 5-Mar-2013 08:22

Just reset mine. No problems at all.
Was about time it needed changing anyway :-)))

Cloudy

150 posts

Master Geek

#774753 5-Mar-2013 08:26

Mine seems to still be working, just selected from my bookmarks and I'm in.

freitasm

BDFL - Memuneh
79250 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#774761 5-Mar-2013 08:37

Cloudy: Mine seems to still be working, just selected from my bookmarks and I'm in.

That's because you were on Geekzone before with the option to keep logged in. Your browser has a token that will keep it logged in. We do not store the password on cookies, so if you logout now then you will see your password is reset, like everyone's else.

plambrechtsen

1948 posts

Uber Geek
Inactive user

#774779 5-Mar-2013 09:06

Pffft 70k. I've so got you beat on numbers and customer impact. No dramas though since it is very minor for most folks on here.... My case... Not so much.

freitasm

BDFL - Memuneh
79250 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#774781 5-Mar-2013 09:08

plambrechtsen: Pffft 70k. I've so got you beat on numbers and customer impact. No dramas though since it is very minor for most folks on here.... My case... Not so much.

Good try at trolling. I will recommend PeterReader have a word with you to learn the tricks.

The difference is that 70k reset passwords on Geekzone by a mistaken EXEC is different from 70k accounts accessed by spammers on Yahoo!Xtra.

It's not all numbers. As you said, it's the impact...

Agent24

89 posts

Master Geek

#774798 5-Mar-2013 09:21

Aaroona: Lets call it "security awareness day" instead off "oops I flicked the wrong switch!" :p everyone should change their passwords sometime!

blakamin

4431 posts

Uber Geek
Inactive user

#774824 5-Mar-2013 09:51

Handy, because I'd forgotten my password anyway!
Cheers, and stuff the competition whiners.

Athlonite

1828 posts

Uber Geek
Inactive user

#774858 5-Mar-2013 10:23

Thanks for the email heads up it was probably a good time to change the password anyways been using the same one for far too long

and as my fav saying goes

Sh@t happens sometimes you just get stuck in the middle of it !

1 | 2 | 3 | 4 | 5 | 6