All super users / admins on all Tendenci hosted sites will need to reset your passwords today. This can be done at <your site> /accounts/password/reset/
Why? People reuse passwords. You shouldn’t, and you know that, but you probably do. Therefore, in an overabundance of caution given the large number of data breaches on the Internet this year, we are resetting all superuser passwords to a long randomized string unique to each. I’d also like to emphasize that:
- We have not had a data breach,
- Your site has NOT been hacked to our knowledge (every site has it’s own “silo” meaning your site is isolated from all others in it’s own containers.)
- A LOT of other companies have reported breaches and humans tend to reuse passwords.
A quick visit to https://haveibeenpwned.com/ will show you how pervasive the problem is.
Next step: go to your login page and click “reset password” and pick a unique password hopefully with a space ” ” in it. Tendenci accepts spaces in passwords so USE THEM!
To make passwords easier to remember, use sentences or phrases. For example, “breadandbutteryum”. Some systems will even let you use spaces: “bread and butter yum”.
From: https://www.it.ucsb.edu/password-best-practices
Security is our top priority. Security is an inconvenience. Security best-practices are far better than the alternative. We apologize for the inconvenience but it is, after all, what we are paid to do.
This decision was made by me, Ed Schipul, the founder and CEO. And it was done without advance notice specifically to prevent bad-actors from knowing about it in advance and sending phishing emails to you. The Internet is unfortunately a rough place right now. Stay safe out there!