Greetings,
To make sure we’re following current best practices for security, we’ve made some changes to how we’re storing user passwords. As a result, the next time you go to login to your SourceForge.net account, you will be prompted to change your password. Once this is done, your password will be stored more securely. We recommend that you do this at your earliest convenience by visiting the SourceForge website and logging in.
And, as always, be vigilant about password security. Use a secure password, never include your password in an email, and don’t click on links for unsolicited password resets.
If you have any concerns about this, please contact SourceForge support at sfnet_ops@slashdotmedia.com
Best regards,
SourceForge Team
Did that – entered a password with 10 chars. Denied. 11 chars. Denied. 14 chars worked. The new password verification seems broken (done in FF29.0.1). (It said 10 char min)
I reset my password via e-mail, then said “why am I not using Open ID here, I’m clearly signed into google.” So I logged in to SF (new password), went to attach my Google account as an open ID, and it would not accept my new password. I changed my SF password (using my new password and confirming my now new-new password). Still no dice. Guess it’s just broken.
10 characters minimum? I’ve seen some draconian password requirements in my time but I have never seen 10 characters minimum for an online site. Why does SourceForge think they need more security than online banking?
How were they stored before?
[…] Hot on the heels of eBay’s password problems comes yet another password reset notification. […]
[…] made some changes to how we’re storing user passwords,” administrators said in a blog post announcing the […]
[…] changes on users despite no breach or apparent threat. The Reg quotes Sourceforge spokesman saying, "To make sure we’re following current best practices for security, we’ve made […]
[…] Hot on the heels of eBay’s password problems comes yet another password reset notification. […]
[…] SourceForge.net is asking all users to reset their passwords, not because they have been breached but because they are updating their security standards to keep up with the time. […]
[…] want to consider changing your password. The repository for software projects announced on their blog that the company made some changes in how it is storing user passwords, and prompts every user to […]
[…] quelques modifications à la façon de stocker les mots de passe des utilisateurs », déclarent les administrateurs sur un billet de blog annonçant le changement. Par conséquent, la prochaine […]