Change Your Password and Turn On 2FA, Please

tzrider

Write Only User
Staff member
Administrator
There has been a recent cluster of spammers accessing BARFer accounts and posting spam. In all cases, the email addresses of the BARFers had been compromised in a data breach and they seem to have re-used their password on BARF, as the logs do not show that anyone's password had been changed prior to the account being misused.

To safeguard your account, please consider changing your password. It would be even better to take the additional step of enabling 2 Factor Authentication (2FA) on your BARF account. You can use either email or an authenticator app. I would recommend the latter, as it is much more secure. Note that some password managers have an authenticator built in, which will fill in your 2FA code for you. A good free one is Bitwarden, which runs on most computer and mobile platforms.

At this time, we are not taking the step of requiring 2FA. Our admins and moderators are required to use 2FA to ensure that accounts with elevated permissions are as secure as we can make them.

If your account is hacked, I will change its password, ban the IP address from which the account was being misused and send you email. If you have questions, please reach out to me, @tzrider.
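
The reasoning in the post above (misuse with no password change beforehand points to a reused password rather than a reset-based takeover) can be applied mechanically to account logs. The following is an added example, not part of the original post or of the forum software; the event names and log schema are hypothetical and the sample events are constructed.

```python
from datetime import datetime

# Constructed sample events in a hypothetical schema (not a real forum log format).
# Fields: ISO timestamp, account, event, source IP (documentation address ranges).
EVENTS = [
    ("2024-01-02T08:00:00", "alice", "login_ok", "192.0.2.10"),
    ("2024-01-09T03:12:00", "alice", "login_ok", "203.0.113.77"),
    ("2024-01-09T03:14:00", "alice", "spam_post", "203.0.113.77"),
    ("2024-01-03T09:00:00", "bob", "login_ok", "192.0.2.20"),
    ("2024-01-10T04:00:00", "bob", "password_change", "198.51.100.5"),
    ("2024-01-10T04:01:00", "bob", "login_ok", "198.51.100.5"),
    ("2024-01-10T04:05:00", "bob", "spam_post", "198.51.100.5"),
    ("2024-01-04T10:00:00", "carol", "login_ok", "192.0.2.30"),
]

def triage(events):
    """Return {account: finding} for every account that posted spam."""
    rows = sorted((datetime.fromisoformat(ts), acct, ev, ip)
                  for ts, acct, ev, ip in events)
    findings = {}
    for acct in sorted({r[1] for r in rows if r[2] == "spam_post"}):
        mine = [r for r in rows if r[1] == acct]
        first_spam = next(r for r in mine if r[2] == "spam_post")
        bad_ip = first_spam[3]
        # Moment the misusing IP first touched this account.
        first_bad = min(r[0] for r in mine if r[3] == bad_ip)
        # IPs with successful logins before that moment are the owner's baseline.
        known_ips = {r[3] for r in mine
                     if r[2] == "login_ok" and r[0] < first_bad}
        # A password change between the intruder's arrival and the first spam
        # post suggests a reset-based takeover. No change means the existing
        # password was presented, which is consistent with password reuse.
        pw_changed = any(r[2] == "password_change"
                         and first_bad <= r[0] < first_spam[0] for r in mine)
        findings[acct] = {
            "misuse_ip": bad_ip,  # candidate for the IP ban
            "ip_new_to_account": bad_ip not in known_ips,
            "password_changed_before_misuse": pw_changed,
            "likely_cause": ("reset_or_email_takeover" if pw_changed
                             else "existing_password_used"),
        }
    return findings

if __name__ == "__main__":
    for account, finding in triage(EVENTS).items():
        print(account, finding)
```

An owner's own password change from months earlier does not count here, because only changes made after the misusing IP first appears are considered.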
 
Thank you tz. :thumbup

I guess spammers are more interested in the XenLife vs a well over a decade old VB software.
We have noted an uptick in new users and we have caught more spammy sticks trying to join.

Appreciate you all and please do update your password at a minimum.
 
2FA is not much of a hassle. Only have to do once a month. Not causing me any problems signing on.

Do it and help protect yourself and Barf.
 
no password sharing here, but I did go ahead and add 2FA....set up 2FA on my email awhile ago as well.
 
Appreciate the heads up, and unique PW here too.

But if I may rant on a bit, I am burned out on all this. Our company enacted MFA several months ago and we have to use an app. I need to authenticate to log into my PC, to access our network, to access Teams, and then for some strange reason Outlook again, and to access our SharePoint site, and because we are a division of a corporation, I need to authenticate to access corporate resources, and sometimes I get files that are locked and require authentication. Plus I run two work PCs for different reasons, so more joy there. AND I hold meetings where I need to log into the meeting room PCs, and authenticate a few more times. What's even better is that authentication expires in 11 hours. Oh, and our 3rd party services are on board, so to approve CC charges, to order trade show services, to access our accounting SW, and then there is the periodic state and IT mandated training modules. It's a dozen times every day, and some days more than 20. I see the exclamation points on my Teams and Outlook right now, so it begins. And for some stupid reason, I keep a strong PW on my phone, and face recognition barely works. I am MFA'd out, but I feel better now, and it's about time to :ride into work.
 
Sounds like your company could use a single sign on solution. Wouldn’t fix the conference room stuff, but would help with most of the rest.
 
Speaking of that (and not that I would, but...) it's interesting that XF doesn't support (afaik) "Login with Google" or whatever.
 
There might be a way to set that up, but I wouldn’t encourage it.
 
4321drowssaP is much stronger.
 
I'm an Identity and Access engineer. Making authentication secure and easy to use is literally my job. I'm ashamed to say I didn't have 2FA enabled on my BARF account, I changed my PW just to be safe and now it's enabled. Good call tz.

To address poor @ctwo's experience, that sounds like you work somewhere that values security much more than usability, that's bad for morale. In the best setup enterprise networks you should:
  • Only be able to use a trusted, managed laptop or a mobile device with a full suite of security apps to access sensitive systems/documents
  • Authenticate with Proof-of-Presence (Biometrics or Yubikey touch+Yubikey PIN)
  • Only have to authenticate once per day unless you lock your screen to go to lunch or are away from your computer.
  • Have Conference rooms that automatically accept connections from trusted, unlocked laptops, no extra auth.
Unless you work for the NSA or have a top-secret security clearance and are accessing documents in a SCIF that's all the auth you should need.
 
"To address poor @ctwo's experience, that sounds like you work somewhere that values security much more than usability, that's bad for morale."
It does look that way, though companies end up with fragmented IAM frameworks for any number of reasons. A company I worked for was a subsidiary of a parent that was under CFIUS oversight and our infrastructure could not be tied to theirs in almost any way. We did use a few of their key systems, however, including their HR system, but would not have been allowed to integrate that with a single sign-in solution to automate onboarding, offboarding and changes.

He may also be in an environment where there are similar constraints. It doesn't make things any nicer for users, as his own rant makes clear. In the end, your remark about prioritizing security over usability is true, as usability can be solved for even in frameworks like what I described. It is harder though.

BTW, thanks for taking the steps you did here.
 