Ski Club 2.0 Home
Snow Reports
FAQFAQ

Mail for help.Help!!

Log in to snowHeads to make it MUCH better! Registration's totally free, of course, and makes snowHeads easier to use and to understand, gives better searching, filtering etc. as well as access to 'members only' forums, discounts and deals that U don't even know exist as a 'guest' user. (btw. 50,000+ snowHeads already know all this, making snowHeads the biggest, most active community of snow-heads in the UK, so you'll be in good company)..... When you register, you get our free weekly(-ish) snow report by email. It's rather good and not made up by tourist offices (or people that love the tourist office and want to marry it either)... We don't share your email address with anyone and we never send out any of those cheesy 'message from our partners' emails either. Anyway, snowHeads really is MUCH better when you're logged in - not least because you get to post your own messages complaining about things that annoy you like perhaps this banner which, incidentally, disappears when you log in :-)
Username:-
 Password:
Remember me:
👁 durr, I forgot...
Or: Register
(to be a proper snow-head, all official-like!)

Password security changes

 Poster: A snowHead
Poster: A snowHead
As part of the continued program of improvements to the security of the forum, I have now activated a couple of changes which will hopefully go unnoticed by many people wink

The security breach that Snowheads suffered in November 2020 disclosed a large number of passwords and associated email addresses, which were able to be extracted from the system in encrypted form and then decrypted elsewhere because the encryption system used by the forum software was pretty good when the forum started back in 2004 but has not withstood the passage of time and the improvement in processing power and techniques since then. While these details alone are not enough to login to the forum (you need to enter a username, not an email address), @admin contacted all of the registered users of the forum to inform them of what had happened, and recommended that users whose details were disclosed should reset their password.

To address this, we have improved the perimeter security on the servers running the site, and have also implemented a more modern encryption system for all password data. Accounts have been automatically migrated over to this new method as they have logged in to the system, so most of the active users now have this in place.

To assist with choosing more secure passwords, we have now implemented the following changes after a period of extended testing with a small group of volunteers:

- the password change facility (which can be found under User Facilities/Forum Profile in the menu at the top left of the page) now requires that any new password meets some minimum complexity rules. Passwords must be at least 8 characters in length, and should contain upper and lower case, numbers, and symbols. Rather than require all of these, 3 out of 4 will be enough, or alternatively a password of 12+ characters which meets 2 of the other rules will be accepted. The strength of your new password will be indicated as you enter it, and it should not be possible to submit the form until the complexity requirements are met.

- on login, if your current password does not meet the complexity rules, you will see a warning to that effect which gives some details of what complexity classes are missing. For now, this is advisory - you can continue into the forum, but we would recommend that you set a more secure password when you can. In the near future, this may become a mandatory requirement to protect the forum and the other users of it.

- also on login, if you are found to still be using a password which we know was breached in the November attack, a warning about this will be shown, and you will be invited to change your password. Again, this is not yet mandatory, but it is strongly advised as the password you are using has definitely been compromised, and this could put you at risk of further attacks either on your Snowheads account, or anywhere else you may have used that password.

- the password entry forms have now been updated to provide a Show Password toggle, which will reveal what you have typed into the box so far. This is an Eye icon to the right of the password box - click it to reveal what you typed, and again to hide the password.

We will of course be monitoring the system during this introductory period, but if you have any problems with the system please send a PM to the security_hamster and I will investigate.

:ham:
ski holidays
 Obviously A snowHead isn't a real person
Obviously A snowHead isn't a real person
OK Hammy -- thanks for your hard work - have a Carrot ! Wink
latest report
 Well, the person's real but it's just a made up name, see?
Well, the person's real but it's just a made up name, see?
I (NickyJ) changed my password but not can’t sign back in. I know what I changed it to though and even if you don’t believe that - I let my phone save the new password, and that also won’t let me in.

So I clicked into he forgotten password and filled in those details but have yet to have an email through.

Using hubby’s account for the moment.

Thanks!
ski holidays
 You need to Login to know who's really who.
You need to Login to know who's really who.
I had the same problem Nicky. Turned out my auto fill was putting in my email instead of my user name on the top line. I changed that and it worked.
snow report
 Anyway, snowHeads is much more fun if you do.
Anyway, snowHeads is much more fun if you do.
Think it may have been similar issue! I am back in the reset password think eventually came through. Though the password the forgotten password reset to was not inline with new password policy....
ski holidays
 You'll need to Register first of course.
You'll need to Register first of course.
@NickyJ, sounds like a fun start to the day, apologies for the stress.

The password reset value is not something I’d thought about - thanks for spotting that! I should be able to fix it relatively quickly.
latest report
 Then you can post your own questions or snow reports...
Then you can post your own questions or snow reports...
@dode, thanks, I may also be able to prevent the auto fill of an email address into the username field, which would also be useful for new registrations as we get a regular trickle of people who put their email address as their username and are then horrified to see it published on their first post, which leads to a username change request.
snow report
 After all it is free Go on u know u want to!
After all it is free Go on u know u want to!
Only FYI, but the only way that I managed to change my password after being told that it's not secure this morning was to press the "duh I forgot" button and proceed via a new password via email then a password change - all previous attempts were as users above but about 7 attempts to change password were rejected.
snow conditions
 You'll get to see more forums and be part of the best ski club on the net.
You'll get to see more forums and be part of the best ski club on the net.
I have just changed mine (which was previously generated by the forum), it was a painless experience Very Happy
latest report
 Ski the Net with snowHeads
Ski the Net with snowHeads
Just changed my password with no problems Very Happy
snow conditions
 snowHeads are a friendly bunch.
snowHeads are a friendly bunch.
Thank you admin for pointing me to the big yellow update password button thing - duly sorted Very Happy
ski holidays
 And love to help out and answer questions and of course, read each other's snow reports.
And love to help out and answer questions and of course, read each other's snow reports.
Also just changed mine with no problems. Thanks for the gentle nudge.
ski holidays
 So if you're just off somewhere snowy come back and post a snow report of your own and we'll all love you very much
So if you're just off somewhere snowy come back and post a snow report of your own and we'll all love you very much
@NickyJ, the password reset now produces a password which should meet the complexity requirements, and be in a format which is relatively easy to type if needed. For those who use a password manager, they can use the auto-generated password permanently if they wish. Those remembering the password value would do better to generate something more memorable
snow report



Terms and conditions  Privacy Policy