Why to change forum passwords right now

Last Updated on April 23, 2017 by Dave Farquhar

If you regularly visit forums online, particularly forums powered by the forum software Vbulletin, you ought to change your forum passwords right now. The longer and more random you make them, the better.

A number of recent vulnerabilities in Vbulletin led to the password databases getting stolen. Vbulletin doesn’t store its passwords using anything resembling strong encryption, so it was easy to reverse most of the passwords. And if you’ve used that password anywhere else, then it’s trivial to try that e-mail address and password combination in other places and use it to steal other things, such as e-mail accounts, Facebook accounts, Ebay or Amazon accounts, or anything else.

So it’s very critical to never use a password you’ve used in Vbulletin anywhere else. Set the password to something long and obnoxious and random, save the password–even saving it in your browser is better security than using a password that’s easy to remember–and use it. The only way to compensate for Vbulletin’s weak password storage is to set the password to something that’s impractical to cycle through–that means long and random. Vbulletin’s maximum length is 50 characters. It wouldn’t be a bad idea at all to take advantage of that fact. Here’s some password advice from GCHQ.

If you found this post informative or helpful, please share it!