Software Portal Forces Password Change

Tuesday, May 27, 2014 @ 07:05 PM gHale


Users of open source software portal SourceForge will need to change their passwords following an update to the site’s security systems.

The company said it would require users to choose new passwords upon logging into their SourceForge user accounts.

The move comes as online retail giant eBay continues to wrestle with the fallout from a breach of its systems. That company said it had suffered a compromise, and attackers were able to access database information that included encrypted passwords and physical address information.

More recently, eBay nixed claims the attackers who perpetrated the breach were able to decrypt passwords and are now selling off the lifted data. Whether it is true or not, eBay users will have to change their passwords as a precautionary measure.

SourceForge said no breach is behind its decision to require users to change their passwords. Instead, the site said it was implementing a new security system that will modify the way it handles and stores user credentials.

“To make sure we’re following current best practices for security, we’ve made some changes to how we’re storing user passwords,” administrators said in a blog post announcing the move.
http://sourceforge.net/blog/sourceforge-net-password-reset-required/

“As a result, the next time you go to login to your SourceForge.net account, you will be prompted to change your password. Once this is done, your password will be stored more securely.”

When contacted, SourceForge said that the password updates were part of a previous plan.

In the process of changing passwords, SourceForge is also asking users to choose a secure new password (as opposed to the incredibly weak ones users often select), and the site is reminding users of security best practices such as avoiding untrusted links and never sending password information in emails or entering it into suspicious recovery sites.


