BLUF passwords and security update

BLUF • policy • security • technical • tips

Submitted by Nigel Whitfield, BLUF webmaster, Nigel, aka SubDirectory (3), 23 February 2015

 


As part of our commitment to keeping BLUF secure, we have today made some important changes to the way passwords are handled on the BLUF web site. We're posting this publicly for two reasons: first, so that people who have forgotten their password can understand the new system, and second because we hope it may encourage other sites to adopt similarly good practice.

No more passwords by email

In the past, when you joined BLUF or requested a password reset, we sent a temporary password by email. Many of our users, it appears, never bother to change this password, so it can't be considered secure: it sits in plain text in the member's mailbox (and on the mail servers in between) for as long as the message is kept, and anyone who can read that mail can sign in with it.

No more changing passwords directly

If you are signed in to BLUF it has been possible up until now to change your password in a way similar to many other sites: you entered the existing one and then the new one, twice. Because browsers often save and autofill the existing password, anyone with access to a signed-in browser could set a new password of their own choosing and lock you out of your account. This will no longer be possible.

How do I change my password now?

The new password system on BLUF sends you a link via email (so we must have your current email address) which can be used to set a new password.

You can request a link via the 'Forgotten password' option on the login screen, or by entering your password and clicking the Change Password button on the Account page of the site.

The link is valid for 48 hours. If you remember your existing password after requesting a link, you can simply ignore the email; the old password continues to work until a new one is set through the link.

When you click the link, you will be taken to a page where you can set your new password. You must type in your BLUF number and enter the password twice. As you enter the password, a series of ticks will appear below it to indicate its strength. If you see a red X, the password is not good enough and will not be accepted; obvious choices such as "password" are rejected outright.

The best passwords will get 4 green ticks, and we would encourage members to use a strong password. However, as long as there is no red X showing, the password will be accepted.

Enter the password twice, and click Continue. Your password will now be set, and you can sign in to BLUF.

What about new members?

These changes also mean new members will have a slightly different procedure to the previous one. Instead of containing a temporary password, the Welcome message will contain a link to the new password reset page.

You must click that link within 14 days, and then set a password in the same way as described above. You will then be able to sign in to BLUF.

What if the link expires?

If the link to set your password expires, you can request a new one from the login screen, or by asking a BLUF admin.

Something went wrong, but I'm not sure what

If there is a problem setting your password, we will try to give you as much information as we can. The most likely causes are:

  • entering the wrong BLUF number
  • entering the wrong email address
  • not typing the password the same both times
  • not clicking the new password link before it expires

Sometimes we can't give you the exact reason, because to do so might breach the privacy of a member. For instance, if you try to sign in to BLUF with an email address and password (you can type an email address instead of a BLUF number on the login screen), we will only tell you that the information is wrong. We won't say whether it was the password or the email address that was wrong, because a message that distinguished the two would let anyone work out whether a given email address belongs to a BLUF member simply by trying it on the login screen. That would be against our privacy rules.
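The reset-link procedure described above (a random, single-use link with a 48-hour or 14-day limit, the BLUF-number check, the ticks and the red X, and the error causes listed) together with the uniform sign-in error just described, as one added example in Python. This is not BLUF's code: the site's real implementation, hashing parameters and strength rules are not published, so the blocklist, the tick criteria, PBKDF2 with 200,000 iterations, the message texts and the in-memory tables are all assumptions constructed for the example.

```python
import hashlib
import hmac
import os
import secrets
import time

RESET_LINK_TTL = 48 * 3600           # 'Forgotten password' links are valid for 48 hours
WELCOME_LINK_TTL = 14 * 24 * 3600    # a new member's Welcome link must be used within 14 days
PBKDF2_ITERATIONS = 200_000          # assumption: the site's own hashing parameters are not published
GENERIC_LOGIN_ERROR = "The BLUF number/email or password is wrong"

# Assumed blocklist; the post names only 'password' and '123456'.
BLOCKED_PASSWORDS = {"password", "123456", "12345678", "qwerty", "letmein", "bluf"}

# Constructed in-memory tables standing in for the site's database.
_accounts = {}         # bluf_number (str) -> {"email": ..., "salt": ..., "hash": ...}
_pending_tokens = {}   # sha256(token) -> (bluf_number, expires_at)


def _token_digest(token):
    # Only the digest is stored: a leaked copy of the table yields no working links.
    return hashlib.sha256(token.encode()).hexdigest()


def _slow_hash(password, salt):
    # Salted, iterated hash: nobody with the table can recover the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


# Throwaway hash so that sign-in attempts against unknown accounts cost the same
# time as real ones; the response must not reveal whether an email is registered.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = _slow_hash(secrets.token_hex(16), _DUMMY_SALT)


def issue_link(bluf_number, ttl=RESET_LINK_TTL, now=None):
    """Create a random, single-use, time-limited token for the emailed link."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG: not guessable
    _pending_tokens[_token_digest(token)] = (str(bluf_number), now + ttl)
    return token


def create_account(bluf_number, email, now=None):
    """New member: no temporary password; return the token for the Welcome link."""
    _accounts[str(bluf_number)] = {"email": email.lower(), "salt": None, "hash": None}
    return issue_link(bluf_number, ttl=WELCOME_LINK_TTL, now=now)


def password_ticks(password):
    """-1 means a red X (rejected); otherwise 0..4 ticks. The site's real rules are
    not published, so these criteria are assumptions for the example."""
    if password.lower() in BLOCKED_PASSWORDS or len(password) < 8:
        return -1
    return sum((
        len(password) >= 12,
        any(c.islower() for c in password) and any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ))


def set_password(token, bluf_number, password, password_again, now=None):
    """Redeem an emailed link and set the password. Returns (ok, message)."""
    now = time.time() if now is None else now
    key = _token_digest(token)
    entry = _pending_tokens.get(key)
    if entry is None:
        return False, "link is not valid (already used, or never issued)"
    owner, expires_at = entry
    if now > expires_at:
        del _pending_tokens[key]
        return False, "link has expired; request a new one from the login screen"
    if not hmac.compare_digest(owner, str(bluf_number)):
        return False, "wrong BLUF number"
    if password != password_again:
        return False, "the two passwords do not match"
    if password_ticks(password) < 0:
        return False, "password is too obvious or too short"
    acct = _accounts.setdefault(owner, {"email": None, "salt": None, "hash": None})
    acct["salt"] = os.urandom(16)
    acct["hash"] = _slow_hash(password, acct["salt"])   # no plaintext is ever kept
    del _pending_tokens[key]   # single use: clicking the same link again fails
    return True, "password set"


def login(identifier, password):
    """Sign in by BLUF number or email address. One generic message for every failure."""
    ident = identifier.strip().lower()
    acct = _accounts.get(ident)
    if acct is None:   # not a BLUF number we know; try it as an email address
        acct = next((a for a in _accounts.values() if a["email"] == ident), None)
    if acct is None or acct["hash"] is None:   # unknown, or password never set
        salt, stored = _DUMMY_SALT, _DUMMY_HASH
    else:
        salt, stored = acct["salt"], acct["hash"]
    matched = hmac.compare_digest(_slow_hash(password, salt), stored)   # always computed
    if matched and acct is not None and acct["hash"] is not None:
        return True, "signed in"
    return False, GENERIC_LOGIN_ERROR
```

Two details matter beyond what the post spells out. The token table holds only a SHA-256 digest of each link, so a database copy cannot be turned into usable reset links, and the digest is deleted on first successful use so the same email cannot be replayed. In `login`, the slow hash runs even when the identifier is unknown, so the time taken to answer does not leak membership in the way a different error message would.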

Keeping things more secure

As well as this update to how passwords are changed, we have made some other changes to BLUF security over recent months. In particular, when the email address on an account is changed, a notification is sent to both the old and the new addresses. So, if you leave someone with access to your BLUF profile, they cannot change the address without your knowledge.

Additionally, the Profile Protection option - which is on the Account page - adds extra security by requiring that your password be entered again, before your Profile, Photos or Preferences are updated. We recommend you turn this on if other people may have access to your computer.

For the best security, BLUF also supports Two Factor Authentication. This requires that a separate app on a smartphone, or a small device called a YubiKey, is used either just when updating your details or to log in to BLUF. This is similar to the way in which some online banks require you to enter a code from a small device to log in. If you wish to use Two Factor Authentication on your BLUF account, please contact the webmaster.

BLUF best practice

With the latest changes, BLUF is adhering to good practice as much as possible, and ensuring that we do whatever we can to protect the privacy of members:

  • passwords are never stored in a way that allows BLUF admins (or anyone else) to find out what they are
  • passwords are never sent by email
  • obvious passwords like 'password' and '123456' cannot be used
  • password reset links are random, and only valid for a limited time
  • changes of email address are notified to both the old and the new address
  • the IP address of all requests to change passwords and email addresses is logged
  • users can choose to protect their profile with a password before any changes are made
  • for the best protection, Two Factor Authentication can be used for updates, and for logging in to BLUF
  • all user sessions with BLUF, including via our apps, use SSL/TLS-encrypted connections, to protect against eavesdropping

I believe that, especially for sites that deal in sensitive personal areas like BLUF, it is important that we protect both the security of the site and the privacy of members. No one should ever be at risk, for instance, of a friend, family member or colleague being able to discover they have an online fetish profile, without their consent.

I hope these changes confirm to BLUF members that we take their privacy seriously. If you have any suggestions for further improvements, please let me know.
