Jump to content

Plugin Boutique “your password is expired”


MrFigg

Recommended Posts

If the password expired, how did you get past the page that asked for the current password?  Didn't entering the current password in the top box just get into an endless loop?

ADDENDUM:  This was a very specific pair of interrelated questions.  It was not a generalized request for help wrt password updates. I generally appreciate the intentions of well-meaning forum members, but most of the replies seem to have misread the questions.  It happens. 

Edited by User 905133
added an Addendum based on the replies to the questions posted here
Link to comment
Share on other sites

23 minutes ago, User 905133 said:

If the password expired, how did you get past the page that asked for the current password?  Didn't entering the current password in the top box just get into an endless loop?

Current password

new password

confirm new password

  • Like 1
Link to comment
Share on other sites

27 minutes ago, User 905133 said:

If the password expired, how did you get past the page that asked for the current password?  Didn't entering the current password in the top box just get into an endless loop?

4 minutes ago, MrFigg said:

Current password

new password

confirm new password

  

Are you saying you got past the endless loop by typing "Current password" in the top box?

Edited by User 905133
added my questions for context; fixed typo
Link to comment
Share on other sites

7 minutes ago, User 905133 said:

  

Are you saying you got past the endless loop by typing "Current password" in the top box?

You enter your current password and chose a new one below. The platform still knows your current password, it just forces you to change it, for security reasons.

  • Like 1
Link to comment
Share on other sites

Clarification: If the password that used to work became invalid because it was expired once a person enters the expired password in the top box and a new password in the next two boxes how did you get past that when the following page was a repeat of the "Renew Your Password" page?  

Or are they asking for the same password to be typed in all three boxes?

The same thing happened several weeks ago when I pretended to forget my password.

Link to comment
Share on other sites

1 minute ago, audioschmaudio said:

You enter your current password and chose a new one below. The platform still knows your current password, it just forces you to change it, for security reasons.

Maybe they fixed the website after I complained about it a few weeks ago.  In my case I repeatedly got into an endless loop because my current password was not accepted, even after I pretended I had forgotten it.  I thought they had been hacked because it made no sense to ask for the Current Password after someone chooses the Forgot Password option.

Link to comment
Share on other sites

Quote

Hi,  For the first time since I started with Plugin Boutique, when I go to log-in, I get a message that says my password is expired.  So I am wondering if you have been hacked and have caused all account holders to change their password.

The current log in wants the Current Password, a new password, and a confirmation of the new password.  But, the password I had been using (allegedly expired) is not valid.

After several failures, I tried the Forgot Password option.  I hate to lie. I didn't forget it.  I have it stored in several places.  So I am wondering if your site has been hacked so as to force people to give a malevolent actor access to account information.

The "Forgot Password" option requires the use of the current password.

This (asking for the current password when the current password doesn't work) is also suspicious and could mean that your site/account management system has been hacked.

Please note: In their reply, they denied they were hacked.  They made it seem like they routinely have people renew their password ("every 6 months").

Quote

Thanks for your message and sorry for the late reply.
 
No, we have not been hacked and this action is normal for us. We prompt users to change/update their password every 6 months to ensure that their accounts are as secure as possible and are not compromised.
 
Are you experiencing issues updating your password?

Maybe they meant to say, "We have changed our login system and now prompt users to change/update their password . . . ." 

Have others had to change their password every 6 months?

Link to comment
Share on other sites

10 minutes ago, User 905133 said:

Have others had to change their password every 6 months?

I think they've only established this system recently.

It's unusual for a website to force users to renew their password every  few months, but they're not the only ones to do that and it's not necessarily a sign that they've been hacked. For a while it was recommended security practice to have an expiration policy for passwords.

It's strange that your old password wasn't accepted when trying to change the password. Mine was accepted.

Link to comment
Share on other sites

@User 905133
Companies update their websites all the time and many use such opportunities to upgrade their security systems (password databases, add captcha, etc.) and/or add new features to their web site(s).
For most companies this does not mean that they've been hacked, just that they are updating things. 

re:
"The "Forgot Password" option requires the use of the current password."
'Change Password' requires current password, 'Forgot Password' does not - perhaps you're choosing the wrong option?

If you're still having issues go to 
https://help.pluginboutique.com/hc/en-us/requests/new?ticket_form_id=8800811277844
and submit a ticket. 

I'm not affiliated with PluginBoutique, but was a web designer/programmer for many years.

Edited by TheSteven
  • Like 2
Link to comment
Share on other sites

2 hours ago, TheSteven said:

@User 905133
Companies update their websites all the time and many use such opportunities to upgrade their security systems (password databases, add captcha, etc.) and/or add new features to their web site(s).
For most companies this does not mean that they've been hacked, just that they are updating things. 

re:
"The "Forgot Password" option requires the use of the current password."
'Change Password' requires current password, 'Forgot Password' does not - perhaps you're choosing the wrong option?

If you're still having issues go to 
https://help.pluginboutique.com/hc/en-us/requests/new?ticket_form_id=8800811277844
and submit a ticket. 

I'm not affiliated with PluginBoutique, but was a web designer/programmer for many years.

Thanks for the reply.  I understand that companies  update their websites.  However, in today's computer/Internet environment with all sorts of places being hacked when a password has worked for years (including a few weeks before) and without any warning at all, the password suddenly has been expired, it is not unreasonable to ask if the company's site has been hacked. In my admittedly limited experience as an Internet User, companies usually have a periodic update requirement that has been in effect and has been known about or they will announce a change.  

The fact that the reply was worded to imply they routinely have users update passwords every six months is concerning; it flies in the face of my experience.  If they weren't hacked, there are other possibilities that I as an Internet user  consumer need to consider.

Quote

re: "The "Forgot Password" option requires the use of the current password."
'Change Password' requires current password, 'Forgot Password' does not - perhaps you're choosing the wrong option?

While anything is possible, I am 100% sure I did not choose the wrong option unless lying when I didn't forget it is morally wrong.  ?  

In fact, their website confirmed by e-mail that I chose the correct option:

Quote

Hello { correct e-mail address on file }!

Someone has requested a link to change your password. You can do this through the link below.

Change my password { link }

If you didn't request this, please ignore this email.

Your password won't change until you access the link above and create a new one.

I got this after getting the infinite loop several times from choosing the "Forgot Password" option and being asked to supply my current password, being told my password was invalid/expired.

It is possible that they have (or had) several access points for their "Forgot password" option and after several tries I tried a different "Forgot password" link that wasn't tied in to the "Password Expired/Renew Password" web page hierarchy.  I have seen this kind of thing before where for some reason a link on one page contains an error while it is correct on another page.  In that sense, I might have selected the "wrong" option because the link didn't work. 

I suppose it is also possible that once I got the Expired/Renew page (even after logging out, logging back in, restarting my browser, etc.) the same page(s) with the same link(s) were pulled from my PC.  However, that almost never happens.

As for why all of a sudden my password became expired, if changes to their website/server caused the password to become expired, IMO they should not lead customers to believe this is what they have been doing all along. 

Several years ago I got a call purportedly from an area police department.  Allegedly someone used my credit card in my name to purchase several multi-thousand dollar gift cards from a nearby store that's part of a national chain. Allegedly the police were concerned because this is/was behavior associated with drug dealers/distribution rings. 

Needless to say, if suddenly I find my password has become expired for no apparent reason, red flags start flying, alarms go off, etc.

I have also seen how a company that provides a support service (such as accounting and/or billing) for another company can have a breach that has a cascading effect.  Even if the company owns up to the breach (usually minimizing it) the damage has been done.

2 hours ago, TheSteven said:

"The "Forgot Password" option requires the use of the current password."
'Change Password' requires current password, 'Forgot Password' does not - perhaps you're choosing the wrong option?

If you're still having issues go to 
https://help.pluginboutique.com/hc/en-us/requests/new?ticket_form_id=8800811277844
and submit a ticket. 

 

3 hours ago, User 905133 said:

Maybe they fixed the website after I complained about it a few weeks ago.  In my case I repeatedly got into an endless loop because my current password was not accepted, even after I pretended I had forgotten it.  I thought they had been hacked because it made no sense to ask for the Current Password after someone chooses the Forgot Password option.

 Maybe I wasn't clear.  I didn't just complain about the issue to friends and family or even complain here in the forum; I contacted Plugin Boutique.

Please note: Until this thread, I had no idea that others were also having their passwords unexpectedly expired.

11 hours ago, MrFigg said:

Anybody had this before?IMG_4871.thumb.png.c2f3ed162a260434ce6eda49c29716f3.png

 

Edited by User 905133
deleted errant words ("was") and ("the")
Link to comment
Share on other sites

3 hours ago, User 905133 said:

Maybe they fixed the website after I complained about it a few weeks ago.  In my case I repeatedly got into an endless loop because my current password was not accepted, even after I pretended I had forgotten it.  I thought they had been hacked because it made no sense to ask for the Current Password after someone chooses the Forgot Password option.

 

Edited by jesse g
Link to comment
Share on other sites

3 hours ago, User 905133 said:

Clarification: If the password that used to work became invalid because it was expired once a person enters the expired password in the top box and a new password in the next two boxes how did you get past that when the following page was a repeat of the "Renew Your Password" page?  

Or are they asking for the same password to be typed in all three boxes?

The same thing happened several weeks ago when I pretended to forget my password.

 It's like arriving to work and you type in your password on your computer but you are prompted to change it.  After you change the network password, you are allowed back into your computer but with a new password.   ?

Link to comment
Share on other sites

5 minutes ago, jesse g said:

 It's like arriving to work and you type in your password on your computer but you are prompted to change it.  After you change the network password, you are allowed back into your computer but with a new password.   ?

No, it's not! 

 

All other password changing  procedures I have had at various workplaces and indeed most work-related and consumer-based websites that require password changes did not cause the problems that I had with Plugin Boutique.  

Link to comment
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
×
×
  • Create New...