30 day log in


zrock

Minister of Fire
Dec 2, 2017
1,677
bc
What is with this new feature that I have to log in every 30 days and get emailed a code? This is quite annoying, and out of all the sites I belong to this is the only one that has this feature enabled.
 
Reactions: Highbeam
I have not seen that. I wonder if it's a browser or antivirus thing? I know that Norton will pop up a box on my computer on occasion to search for cookies and other tracking data, and if I selected it, I would have to relog onto many of the sites I frequent. That went away with Edge, which has a built-in password "vault".
 
Nope, definitely not a Norton thing. I get the 30 day log in requirement right on this site when I enter and then get the email confirmation with the code to enter. Only other option is a check box to log in every time.
 
Due to spam reasons we had to force 2 factor authentication on members with compromised passwords. Your password was compromised in 7 breaches:
[Hearth.com] 30 day log in


I suggest changing your password to a non-compromised one.
 
Nothing wrong with my password for this site... I do not see why it's your responsibility to add another authentication for me to access this site. All the forums I belong to, and a lot of them more active than this one, and this is the only site.. This is a real PIA
[Hearth.com] 30 day log in
 
On a side note, why are you going around searching for breaches on people's email addresses?
 
Nothing wrong with my password for this site... I do not see why it's your responsibility to add another authentication for me to access this site.

There is something wrong with your password. It's been used before and has been breached.

It's the forum's responsibility to keep it secure. It's in your best interest to not reuse a password and to use a good one in the first place.

Monitoring on members' addresses is standard procedure to identify compromised accounts or users that are irresponsible with passwords. Again, to keep the forum secure.

MFA is becoming the norm everywhere as passwords are not good enough anymore. You should be embracing this, not railing against it.
 
In your terms there is nothing giving you permission to search my password for a breach; in fact you should have no access to my password information. I moderate several forums much bigger than this and this is not common practice. Yes, you can monitor a member's email/username for issues within this site only; you do not have permission to use / monitor it outside of the site. That is the user's responsibility only, and anything outside of this site does not affect the site. You are now crossing a fine line of privacy... so now I wonder, if you are accessing our passwords, did the data breach come from here? If so...
 
In your terms there is nothing giving you permission to search my password for a breach; in fact you should have no access to my password information. I moderate several forums much bigger than this and this is not common practice. Yes, you can monitor a member's email/username for issues within this site only; you do not have permission to use / monitor it outside of the site. That is the user's responsibility only, and anything outside of this site does not affect the site. You are now crossing a fine line of privacy... so now I wonder, if you are accessing our passwords, did the data breach come from here? If so...

I think you're reading into this.

If I'm taking @todo10's post at face value, it's your email address that's being checked, not your password.

Forums get a crapton of spam, bots signing up, etc.
They likely subscribe to a service that checks addresses for compromise.
You handed over your email address to a forum. (disassociated with your name, phone, or other PII because it's only a forum)
They likely received spam from your account or are just being proactive and upload the entire user list of email addresses to their service.
You're flagged.
In order to protect their forum, they turn on MFA for you to make sure you're not a bot.

This is not a big deal.

What is a big deal is that you've been compromised. You should think about using MFA on EVERYTHING, changing your passwords, use a password manager, and use unique passwords everywhere. Your cyber hygiene is lacking, apparently.
 
Reactions: todo10 and webfish
We do not access your password.
 
Reactions: sneefy
In your terms there is nothing giving you permission to search my password for a breach; in fact you should have no access to my password information.
We don't know your password and don't have any way to access it because it's encrypted in the forum database and uniquely salted (https://www.techtarget.com/searchsecurity/definition/salt)
so now I wonder, if you are accessing our passwords, did the data breach come from here? If so...
Like I've stated, the data breach information comes from https://haveibeenpwned.com/. There you can see all the compromised sites.

We are helping you to protect your account in the forum because if your forum account is hacked, you could say the breach was ours.
In your case, your password, email and even phone number were cracked from the following sites:
[Hearth.com] 30 day log in


Pay attention to the last 2 breaches, which happened this year. The hackers got your IPs as well, and whoever hacked Shopper got your physical address.
If there is somebody to blame, it's them.
Here you can read about the privacy policy of this tool: https://haveibeenpwned.com/Privacy AND the entire password isn't checked, only the first 5 characters:
[Hearth.com] 30 day log in


So basically when both username and password match, then we trigger that alert that asks the user to enable 2FA.
 
Reactions: begreen and sneefy
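
Added example, not part of the thread and not the forum's own code: the Pwned Passwords range lookup offered by haveibeenpwned.com takes the first five hex characters of the password's SHA-1 hash and returns candidate hash suffixes, so the match is made locally and the password never leaves the caller. `fake_fetch_range`, the sample passwords and their counts are constructed stand-ins for the HTTP call so the sketch runs offline.

```python
import hashlib

def split_hash(password: str) -> tuple[str, str]:
    """Return (5-char prefix, 35-char suffix) of the uppercase SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def parse_range_response(body: str) -> dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines; malformed lines are skipped."""
    counts = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and len(suffix) == 35 and count.isdigit():
            counts[suffix.upper()] = int(count)
    return counts

def breach_count(password: str, fetch_range) -> int:
    """How many times the password appears in the breach corpus (0 = not found).

    fetch_range(prefix) is the only thing that talks to the service, and it
    only ever receives the 5-character hash prefix.
    """
    prefix, suffix = split_hash(password)
    candidates = parse_range_response(fetch_range(prefix))
    # Padding entries carry a count of 0 and must not be treated as hits.
    return candidates.get(suffix, 0)

# --- Constructed stand-in for the remote service (assumption, not real data) ---
CONSTRUCTED_BREACHED = {"password": 5, "hunter2": 3}
SENT_PREFIXES = []  # records everything the "service" gets to see

def fake_fetch_range(prefix: str) -> str:
    SENT_PREFIXES.append(prefix)
    lines = []
    for pw, n in CONSTRUCTED_BREACHED.items():
        p, s = split_hash(pw)
        if p == prefix:
            lines.append(f"{s}:{n}")
    lines.append("0" * 35 + ":0")  # padding entry with count 0
    return "\r\n".join(lines)

if __name__ == "__main__":
    for candidate in ("password", "correct horse battery staple 9471"):
        print(candidate, "->", breach_count(candidate, fake_fetch_range))
    print("service saw only:", SENT_PREFIXES)
```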