TLDR: Please Head to Forums > Your Settings > Change Your Password and reset your password otherwise you may find that parts of the site do not work
(and I'll force you to do it sooner or later anyway
).
Back in the Spring when I was finishing up the code for HPC:Factor's online Windows CE Installer file generator "CabMaker"
(
https://cabmaker.hpcfactor.com/ ). I discovered that the company who originally coded the forums software that the site uses made a number of security gaffes in their log-on processes.
I am not going to go into too much detail in the public domain as it may impact other sites.
Regardless, it became necessary to fix the problem and while I was there, to update the security. This work has now been done. All new user accounts to the site will be created using the new, significantly stronger and patched security model.
In the short-term, all existing user accounts on the site will continue to work as normal however as your passwords are one-way encrypted it is not possible for me to automatically switch you over to the new mechanism. Therefore, to slip over to the new model, you will need to manually change your password. Doing so will switch you over to the new model and will fully delete the original, flawed
(but still encrypted
) password information.
I have used the opportunity to also increase the minimum password length and complexity from 10 characters as it has been for the last decade up to 12. Additionally you will now require at least three of: Uppercase, Lowercase, Number and Special Character.
While the main site will run in hybrid mode. Until such time that you change your password, you will not be able to log into CabMaker
(
https://cabmaker.hpcfactor.com/ ).
I would like to stress in the clearest terms possible: This has
NOT been done in response to any hack, crack or compromise. There is nothing to suggest that you account is at risk. This is simply a precautionary measure and a proactive response to my becoming aware of a problem.
After this has been shaken out for a few months, I will likely force all old-method users to change their password at sign-in - although that functionality is going to have to be written into the forums from scratch too!
Thanks for your understanding in this matter. If you have any questions, please post them here along with any problems. Should you wind up locked out of the site completely for some reason as a result of these changes, please contact the webmaster.