• Fur Affinity Forums are governed by Fur Affinity's Rules and Policies. Links and additional information can be accessed in the Site Information Forum.

It's your fault if you failed to update your electronic mail.

nerdbat

Green butt of reason
Any site can be hacked. No matter the security. If the right person wants to hack it. Hell, DeviantArt isn't a non-profit oginization and people's accounts get hacked on a daily bases.
Isn't really the same thing - when people's accounts get hacked, it's usually people who screw up at securing them properly (using stock passwords, giving info to third party, etc.) - for example, there's no way to directly hack DA account from inside the site, and the site itself is well secured. When whole social network is getting stolen, that's a whole different story.
 

DravenDonovan

You can call me Oni~
Isn't really the same thing - when people's accounts get hacked, it's usually people who screw up at securing them properly (using stock passwords, giving info to third party, etc.) - for example, there's no way to directly hack DA account from inside the site, and the site itself is well secured. When whole social network is getting stolen, that's a whole different story.
True, but that still doesn't deflect the statement that 'any site can be hacked'. If the right person has reason enough too.
 

nerdbat

Green butt of reason
True, but that still doesn't deflect the statement that 'any site can be hacked'. If the right person has reason enough too.
There's no deny that "any site can be hacked" - it's just that "any good site owner should be responsible as hell for its security". That's why many popular websites are getting to seemingly ridiculous degrees in terms of protecting everything, to the point of being near-impenetrable - because if you lose your own info to a hacker, then you're the only one who's screwed, but if you lose a whole database to a hacker, everybody on the site is screwed, and you're the one who's guilty for letting that happen.
 
Last edited:

ChromaticRabbit

lagomorphic
Banned
I think the concept of "fault" is going too far, but if we must discuss fault, let's discuss furaffinity's fault for not allowing me to change my own password prior to the mass-change imposed upon my account without warning.

Here's another irony: I want to change my forum associated email to my current e-mail address, but the forum software refuses to allow me when I provide it and my password, returning the following error: "Email addresses must be unique. The specified email address is already in use."

I have no idea what it's referring to, but I offered it the correct current e-mail. Is that also MY fault, and what am I supposed to do now, eat cake? Will someone then tell me again it's somehow my fault that I didn't change the e-mail address associated with my forum account, even though I tried and was not permitted to do so?

Please. Who are you trying to kid?
 
Last edited:

HTML

<neck content="beard"/>
I think the concept of "fault" is going too far, but if we must discuss fault, let's discuss furaffinity's fault for not allowing me to change my own password prior to the mass-change imposed upon my account without warning.

Here's another irony: I want to change my forum associated email to my current e-mail address, but the forum software refuses to allow me when I provide it and my password, returning the following error: "Email addresses must be unique. The specified email address is already in use."
Please. Who are you trying to kid?
I'm not sure how they could've allowed people to change their passwords without the possibility of giving the hackers ample time to do a massive takeover of accounts.

That is kind of strange. I'd expect unique emails to only be a sign-up requirement since it doesn't make much sense if the account is already verified.
 

DravenDonovan

You can call me Oni~
I think the concept of "fault" is going too far, but if we must discuss fault, let's discuss furaffinity's fault for not allowing me to change my own password prior to the mass-change imposed upon my account without warning.

Here's another irony: I want to change my forum associated email to my current e-mail address, but the forum software refuses to allow me when I provide it and my password, returning the following error: "Email addresses must be unique. The specified email address is already in use."

I have no idea what it's referring to, but I offered it the correct current e-mail. Is that also MY fault, and what am I supposed to do now, eat cake? Will someone then tell me again it's somehow my fault that I didn't change the e-mail address associated with my forum account, even though I tried and was not permitted to do so?

Please. Who are you trying to kid?

Who was talking about the 'forum' email in this thread, other than yourself? o_O We're talking about failing to keep your email up-to-date on FA a fault of the user, not the Forum. If it's a case where a site won't allow you to change said email, that's a different matter all together, and you should notify an admin to help?
Also, even if they had allowed you to change your password prior to the mass forced password reset, you would have had to change it again anyways.
 

DravenDonovan

You can call me Oni~
I'm not sure how they could've allowed people to change their passwords without the possibility of giving the hackers ample time to do a massive takeover of accounts.

That is kind of strange. I'd expect unique emails to only be a sign-up requirement since it doesn't make much sense if the account is already verified.
I think it's referring to not being able to use the same email twice. Meaning the site is trying to say the new email they are trying to switch out from their old email is already in use on the site.
 

ChromaticRabbit

lagomorphic
Banned
I'm not sure how they could've allowed people to change their passwords without the possibility of giving the hackers ample time to do a massive takeover of accounts.

That is kind of strange. I'd expect unique emails to only be a sign-up requirement since it doesn't make much sense if the account is already verified.
In truth, there's no perfect answer-- it's usually best to store passwords in a manner that limits impact if the password hashtext is exfiltrated, but even SHA512 hashes will be vulnerable to dictionary-based attacks, and short simple non-dictionary passwords to brute force. Mix a few GPUs into the effort and accounts will rapidly fall. Has FA followed up with suitable password complexity requirements and password hash strength behind-the-scenes on a going-forward basis to limit impacts if this problem reoccurs?

I can only suppose I set up another forum account long ago and promptly abandoned it, but now it may be tying up my efforts to associate my live e-mail account with this forum account (the old one belongs to a TLD that no longer exists). Perhaps I should just implement my domain's SMTP service again and abandon gmail once more... As if I really needed another reason to, google mines me for gold.
 

ChromaticRabbit

lagomorphic
Banned
Who was talking about the 'forum' email in this thread, other than yourself? o_O
Who distinguishes between their FA account and their FA Forum account? Isn't it reasonable to conflate the two, even if they are technically separate? Anyway, it's not a huge deal, though I would expect many or most FA Forum users in fact used the same usernames and passwords as they did on FA, so it mystifies me that one was mass-changed and the other completely ignored, but, hey, here I am as a consequence.
 

DravenDonovan

You can call me Oni~
Who distinguishes between their FA account and their FA Forum account? Isn't it reasonable to conflate the two, even if they are technically separate? Anyway, it's not a huge deal, though I would expect many or most FA Forum users in fact used the same usernames and passwords as they did on FA, so it mystifies me that one was mass-changed and the other completely ignored, but, hey, here I am as a consequence.

I was just saying that the thread's focus is on the issue with the FA site, not the forum. So no one was calling anyone out on not being able to change their email on another site. Yes, this forum is tied to the initial site, but unless you have vital information listed somewhere on your account here, it isn't necessary.
There isn't any need to change your email, unless said email is inaccessible. Changing the password to your email, if the same email is used that you used on FA is a different matter. Some emails require you to use your phone number, for some unbeknownst reason, and people who did use the same password on their email and have their email hacked, too, are getting rather threatening phone calls.
Also a lot of commission artist on FA have their PayPal info on their site, too, and if they happened to use the same password for that are at a huge risk at losing money. I believe I heard a rumor one person, at least, had $200 taken out of their account.
The situation is a lot worse than how they made it sound to be, so if you do have any vital info with the same password, I'd be changing it. Also don't look at any strange emails from random people, either.
Yes, it's stupid to use the same email for everything, and yes that is soly the individual's fault if other accounts get hacked for that reason.
 

Jaegeralus

New Member
I was just saying that the thread's focus is on the issue with the FA site, not the forum. So no one was calling anyone out on not being able to change their email on another site. Yes, this forum is tied to the initial site, but unless you have vital information listed somewhere on your account here, it isn't necessary.
There isn't any need to change your email, unless said email is inaccessible. Changing the password to your email, if the same email is used that you used on FA is a different matter. Some emails require you to use your phone number, for some unbeknownst reason, and people who did use the same password on their email and have their email hacked, too, are getting rather threatening phone calls.
Also a lot of commission artist on FA have their PayPal info on their site, too, and if they happened to use the same password for that are at a huge risk at losing money. I believe I heard a rumor one person, at least, had $200 taken out of their account.
The situation is a lot worse than how they made it sound to be, so if you do have any vital info with the same password, I'd be changing it. Also don't look at any strange emails from random people, either.
Yes, it's stupid to use the same email for everything, and yes that is soly the individual's fault if other accounts get hacked for that reason.

Never in my time on the net has a phone number, moreso a cell one, has been required to register on almost anything. Google's GMail is the only one I know of where it's not required. The only possible defenses I can come up with as to why a number at all is needed is:

A) Slows down abusive users from registering so quickly to bypass bannings from some sites. This is defeated however, if the user is IP-banned, then it wouldn't really matter. Unless of course, you refresh your IP and repeat the process.
B) Password-recovery purposes.

I honestly do think though that e-mail services are carelessly setting up their users to be traced and harassed if e-mailing doesn't work.

It is important to have two e-mails in this day and age from nefarious schemes. You have one e-mail strictly to register whatever you want to on it. But you have another e-mail, strictly for online job applications that require signing up and additionally, paypal.

The other thing is that we've been advised for years from security experts that passwords should not be so simple to guess. The users should know better by now and it's hard for me to be sympathetic to those who don't heed that advice. All of my passwords simply gibberish between letters and numbers. People may say "well, that's too hard to remember..." um, it isn't if you know how to document it AND keystroke memory. That's how I remember mine is by their keystrokes. I never want to make a password that doesn't have a keystroke smooth and fluid.
 

Dalamin

I R B A Dalamin
I created my account in early 2006, over 10 years ago, with a yahoo account that fucked up about 4 years ago. At one point I had to reset the password every week, and eventually daily, until I lost all access to it.
FA however never used my email for anything and I didn't even realize I could change the email that I had registered, so when I made a Gmail account I just went about my normal routine, never expecting to NEED my old yahoo email. I still used FA on a regular basis. I watch hundreds of artists and browse and comment on a near daily basis.

I have now contacted accounts[at]furaffinity.net twice since the password reset (with my full information, account name, old email address, situation) with no reply. I feel like I'm never going to get my old account back and I might as well just make a new one. But again, I've had this account for over 10 years now. I'm pretty attached to it and just throwing it away feels pretty wrong and blatantly unnecessary considering how easily this could be fixed if I just got a reply...

I'm sorry if some people think we're idiots for not keeping all of our information meticulously up to date, but remember the saying: Out of sight, out of mind.
 

Jaegeralus

New Member
I created my account in early 2006, over 10 years ago, with a yahoo account that fucked up about 4 years ago. At one point I had to reset the password every week, and eventually daily, until I lost all access to it.
FA however never used my email for anything and I didn't even realize I could change the email that I had registered, so when I made a Gmail account I just went about my normal routine, never expecting to NEED my old yahoo email. I still used FA on a regular basis. I watch hundreds of artists and browse and comment on a near daily basis.

I have now contacted accounts[at]furaffinity.net twice since the password reset (with my full information, account name, old email address, situation) with no reply. I feel like I'm never going to get my old account back and I might as well just make a new one. But again, I've had this account for over 10 years now. I'm pretty attached to it and just throwing it away feels pretty wrong and blatantly unnecessary considering how easily this could be fixed if I just got a reply...

I'm sorry if some people think we're idiots for not keeping all of our information meticulously up to date, but remember the saying: Out of sight, out of mind.

Agreed. I'd be more concerned remembering what my work schedule is like than "oh my god! this furry art community is hacked and my e-mail/password is in danger! OH NOES!" comparatively.

I, too, have contacted that e-mail a couple times at best with the e-mail I'm currently using. Why the simple task of maybe automatically re-setting my e-mail to the new one than keeping the one that's deactivated is beyond their comprehension or capability for this FA staff is beyond me to understand.

I do not wish to make a new FA, even though I did, but it's moreso to collect free commissions from artists who don't know that I intend on paying them something for awesome work done. Once all that is done with, FA can just be a forgotten memory for all I care. I see others telling people to just move on and make a new account and live with it. Why? so ANOTHER attack can happen, non predictably, site is set in read only mode that prevents you from changing information all again? No. Thanks.
 
Top