30 day log in

  • Active since 1995, Hearth.com is THE place on the internet for free information and advice about wood stoves, pellet stoves and other energy saving equipment.

    We strive to provide opinions, articles, discussions and history related to Hearth Products and in a more general sense, energy issues.

    We promote the EFFICIENT, RESPONSIBLE, CLEAN and SAFE use of all fuels, whether renewable or fossil.
Z

zrock

Minister of Fire
Dec 2, 2017
1,424
bc
What is with this new feature that i have to log in every 30 days and get emailed a code? This is quite annoying and out of all teh sites i belong to this is the only one that has this feature enabled
 
P

peakbagger

Minister of Fire
Jul 11, 2008
8,301
Northern NH
I have not seen that. I wonder if its a browser or antivirus thing?. I know that Norton will pop up a box my computer on occasion to search for cookies and other tracking data and if I selected it, I would have to relog onto many of the sites I frequent. That went away with edge that has a built in password "vault".
 
Z

zrock

Minister of Fire
Dec 2, 2017
1,424
bc
nop definitely not a Norton thing. i get the 30 day log in requirement right on this site when i enter and then get the email confirmation with the code to enter. Only other option is a check box to log in every time.
 
todo10

todo10

Administrator
Staff member
Oct 9, 2020
67
Due to spam reasons we had to force 2 factor authentication on members with compromised passwords. Your password was compromised in 7 breaches:
Screenshot 2023-05-02 at 10.30.34 AM.png

haveibeenpwned.com

Have I Been Pwned: Check if your email has been compromised in a data breach

Have I Been Pwned allows you to search across multiple data breaches to see if your email address or phone number has been compromised.
haveibeenpwned.com haveibeenpwned.com

I suggest you changing your password to a non-compromised one.
 
  • Like
Reactions: sneefy, begreen and peakbagger
Z

zrock

Minister of Fire
Dec 2, 2017
1,424
bc
nothing wrong with my password for this site... I do not see why its your responsibility to add another authentication for me to access this site. All the forums i belong to and alot of them more active than this one and this is the only side.. This is a real PIA
1688564011717.png
 
Z

zrock

Minister of Fire
Dec 2, 2017
1,424
bc
on a side note why are you going around searching for breaches on people email addresses?
 
sneefy

sneefy

Member
Feb 20, 2022
145
Western WI
zrock said:
nothing wrong with my password for this site... I do not see why its your responsibility to add another authentication for me to access this site.
Click to expand...

There is something wrong with your password. It's been used before and has been breached.

It's the forum's responsibility to keep it secure. It's in your best interest to not reuse a password and to use a good one in the first place.

Monitoring on member's addresses is standard procedure to identify compromised accounts or users that are irresponsible with passwords. Again, to keep the forum secure.

MFA is becoming the norm everywhere as passwords are not good enough anymore. You should be embracing this, not railing against it.
 
Z

zrock

Minister of Fire
Dec 2, 2017
1,424
bc
In your terms their is nothing giving u permission to search my password for a breach in fact you should have no access to my password information. I moderate several forums much bigger than this and this is not common practice. Yes you can monitor a members email/username for issues within this site only, you do not have permission to use / monitor it outside of the site that is the user's responcibility only and anything outside of this site does not effect the site. You are now crossing a fine line of privacy... so now I wonder if u are accessing our passwords did the data breach come from here if so...
 
sneefy

sneefy

Member
Feb 20, 2022
145
Western WI
zrock said:
In your terms their is nothing giving u permission to search my password for a breach in fact you should have no access to my password information. I moderate several forums much bigger than this and this is not common practice. Yes you can monitor a members email/username for issues within this site only, you do not have permission to use / monitor it outside of the site that is the user's responcibility only and anything outside of this site does not effect the site. You are now crossing a fine line of privacy... so now I wonder if u are accessing our passwords did the data breach come from here if so...
Click to expand...

I think you're reading into this.

If I'm taking @todo10 's post at face value, it's your email address that's being checked, not your password.

Forums get a crapton of spam, bots signing up, etc.
They likely subscribe to a service that checks addresses for compromise.
You had over your email address to a forum. (disassociated with your name, phone, or other PII because it's only a forum)
They likely received spam from your account or are just being proactive and upload the entire user list of email addresses to their service.
You're flagged.
In order to protect their forum, they turn on MFA for you to make sure you're not a bot.

This is not a big deal.

What is a big deal is that you've been compromised. You should think about using MFA on EVERYTHING, changing your passwords, use a password manager, and use unique passwords everywhere. Your cyber hygiene is lacking, apparently.
 
  • Like
Reactions: todo10 and webfish
webfish

webfish

Hearth.com LLC
Staff member
Oct 18, 2013
1,796
Minnesota
We do not access your password.
 
  • Like
Reactions: sneefy
todo10

todo10

Administrator
Staff member
Oct 9, 2020
67
zrock said:
In your terms their is nothing giving u permission to search my password for a breach in fact you should have no access to my password information.
Click to expand...
We don't know your password and don't have any way to access to it because it's encrypted in the forum database and uniquely salted (https://www.techtarget.com/searchsecurity/definition/salt#:~:text=What is password salting?,stealing them from the database.)
zrock said:
so now I wonder if u are accessing our passwords did the data breach come from here if so...
Click to expand...
Like I've stated, the data breach information comes from https://haveibeenpwned.com/. There you can see all the compromised sites.

We are helping you to protect your account in the forum because if your forum accounts is hacked, you could say the breach was ours.
In your case, your password, email and even phone number was cracked from the following sites:
1688603176408.png


Pay attention to the last 2 breaches which happened this year. The hackers got your IPs as well and who hacked Shopper got your physical address.
If there is somebody to blame, its them.
Here you can read about the privacy policy of this tool: https://haveibeenpwned.com/Privacy AND the entire password isn't checked, only the first 5 characters:
1688603448626.png


So basically when both usernames and password matches, then we trigger that alert that asks the user to enable 2FA.
 
  • Like
Reactions: begreen and sneefy
You must log in or register to reply here.

Similar threads

Highbeam
Log truck loads of firewood in the pnw.
Replies
5
Views
558
The Wood Shed
Highbeam
Highbeam
Ashful
Logged out daily?
Replies
22
Views
861
New Forum Hints and your Questions & Suggestions!
begreen
begreen
Light in the Dark
Thermostatic stoves like Blaze King?
Replies
18
Views
867
The Hearth Room - Wood Stoves and Fireplaces
BKVP
BKVP
J
Monetary challenged stiff- backed wood processing ideas
Replies
3
Views
627
The Wood Shed
jackpine savage63
J
M
Huskee Log Splitter Info
Replies
4
Views
726
The Gear
Ashful
Ashful
Top Bottom