Earlier this morning (November 14, 2009) ChristianBlog.Com put into place a number of additional security features to help protect our members account. Our new Account Security System will greatly increased the primary security of our members account. Upon your first login you will be taken to a new form where you will be asked to review/update some existing account information as well as provide some new information for our new Account Security system.
At the heart of this update is a move away from traditional passwords into a higher level of account security using the very popular Passphrase methodology of cryptography.
If you are really into knowing the details we recommend reading up on passphrases at these links: Wikipedia: Passphrase, The passphrase FAQ, Passphrase FAQ, The Diceware Passphrase and if you really cannot think of something to use, try the Passphrase Generator - though we really recommend you try to think of something to use yourself.
As for the additional security the change is making on our end by making this change: We are being able to go from a max-password-strength of 2.03703597 x 10 to a max-passphrase-strength of 3.33591084 x 10 - which is a whole bunch of zeros! This is going to make it theoretically impossible for somebody to crack your passphrase and gain access to your account (that is, if you choose a complex enough passphrase.)
Questions & Answers:
We have also added a password passphrase reset "questions and answer" feature, which includes providing two answers to two questions we ask. This will be used to help you quickly and easily update your passphrase in the future - should you forget your passphrase or just want to update it.
We have also switched to use a different "time zone" system, which is not yet fully implemented throughout the website - but will be soon. We have switched from using a "time offset" to use a true time-zone system, where you select the nearest time-zone to where you live. We have listed 339 different time-zones, so somewhere within the list should be a location that is relatively close to most of our members.
None Security Related Updates:
We have also updated a few items that are not related to your account security.
The first is that we have now added a neat feature at the top of your "My Account" page that shows you a progress of your account activity at the ChristianBlog.Com website. At the moment we are highlighting: Biography, Testimony, Avatar, Blogging. Down the road we will be adding additional points to the progress bar that will involve things like joining a CB Group, posting Open Disucssions, and such.
The second update is that we have updated our CB Chatroom software. Sadly, this will mean that in order to access the chatroom you will again have to go through the "If this is your first time using our NEW chatroom you will have to click here to authorize the chatroom to access your ChristianBlog.Com account and log into the chatroom" process, when the initial pop-up window opens. If you do not do this you will not be able to access the chatroom. Please remember that you will also need to have your Biography set before you can access the chatroom.
We have also updated both the Biography and the Testimony sections of our website. Both now require at least 50-words in order to add/update. It should be very easy for anybody to be able to share at least 50-words about themselves and how they came to know the Lord.
We have also added a new Avatar page to help you quickly add/change your avatar!
We have also resolved some minor issues with the CB Groups system. CB Group Owners should refer to the CB Group Owners Group.
For now, that is about all we have to share. We hope the transition to the new security system does not cause too much trouble for anybody. We are aware that going from a "password" to a "passphrase" might be a shock for many of you. However, we hope it will serve as a good re-enforcement of just how important we take the protection of your account here at ChristianBlog.Com!
I can not enter the chat room. It keeps telling me that my e-mail address is already taken. Well of course it is taken, it is mine and there is only one of me.
Please, anybody, let me know if you have ANY problems updating your account from the "password" to the "passphrase" on the page you are taken too after you login.
I just have a suggestion about the Time Zone thing. I looked in the list and could not find any city close to where I live, but did find a city several hundred miles east of me that was still in the same time zone. (I had to go to [u][b][url]http://www.worldtimezone.com/index24.html[/url][/b][/u] though to be sure.) Is there a way to create a map of some kind on your Time Zone page that would allow a person to click approx. where they live instead?
I found the current method a little hard to deal with, sorry.
Having a hugh problem. Here is what is happening:
I click 'Sign In"
I enter my email address
I enter my new passphrase
I click "Press to continue" what comes up is:
"Website Information" "Sorry but you must be logged into christianblog.com in order to access the page you requested to view."
When I click most of the options after that I get a "security warning" pop-up asking me if I want to view un-secure pages only. However, when I click "Return to previous page" it brings me back to the page to enter my password again... BUT... at the top of the page it displays the format as if I was logged in: HOME PROFILE ACCOUNT FRIENDS ect... by clicking one of those I got in... but I'm not sure I like getting in that way...I need it to accept my password so I know my personal info. is secure, don't I? Very confusing.
Oh, John... I did do my initial changing of my password on a different computer...one that is available where I work. Could that have created the mess it's doing using my computer at home?
I scanned for any virus or problem on my computer. No problem came up on my end. I hate to be a problem about it...but is there a way you can reset my account so I can do the 'passphrase' process as if it were the first time...that way I could do it on my own computer at home. It kinda bothers me that I can access my account on the same page my password is being asked for.
John. hate to be a pain the glutius Maximus. butttt. i cant get back into Chat after i timed out. I used my new passphrase thing and nothing happened. I also cant type it in fully coz it wont allow me. Not enough spaces for it.
Exactly how specific do we really have to be in regards to time zones, John? I mean, while I am more than 400 miles from Chicago I know we are in the same time zone. My town on the other hand or any other place in my state isn't even listed. So, I listed Chicago. If this is fine, then in the U.S. the eastern time zone is the same as New York City, central time is the same as Chicago, mountain time is the same time as Denver and pacific time is the same time as as Los Angeles.
In regards to the timezones... I did not just magically pull this list out of nowhere. The list has been around since before I was born and has been updated throughout the last 30+ years, as is necessary. See [url=http://en.wikipedia.org/wiki/List_of_zoneinfo_time_zones]here for further details on the list[/url]. No where does the new system/method say "select the nearest city"... it says "select the timezone". Perhaps this could be a great local geography learning time for some of you. ;)
In regards to the chatroom access... the instructions above in the blog itself made it very clear what you have to do to re-gain access to the chatroom. It worked perfectly for me, the first time, for two different accounts... so no idea why it is not working (if you follow the instructions) for anybody.
ps: yes, I know... "los angeles" is listed at the top... eventually I am going to try to list all of the USA time-zones at the top... but, that will have to wait for a day when my own geography classes from 20 years ago pop back into my brain :D
The first time I tried to get into chat I failed because I did NOT read the instructions carefully. You have to start from square one and authorize your account. Once you do that, you will be fine. If you get a message which says your email is already registered, don't freak out... like I nearly did. It simply means you ARE registered now and you're probably continuing to poke about at stuff like I was. LOL!
Go back to the chatroom login screen and login using your passphrase and that should be that. This was my experience and it has worked just fine.
I had no problem resetting everything... in fact my chatroom when I went through "new authorization" really did it automatically.. However, a quick note for John... noted that when I went to change some Personal Information, it would not accept new passphrase... had to use old password. -Small thing... just might want to put it on your "To-Do" list.
[quote=shadowwalker]it would not accept new passphrase... had to use old password[/quote]
I have made the transition from the old password to the new passphrase, using a new passphrase, at least 50 times over the last week, in testing and upgrading my own accounts - with zero problems.
Without knowing the details of "it would not accept" there is very little I can do to further comment on your note.
O.K, John.. when I updated my Personal Information by removing some details, the last item on the page was to type in password to authorize changes. I tried to type in new passphrase three times. It rejected it three times... Typed in old password, and it accepted it. May have been a momentary glitch, I don't know... just thought you would like to know..
ok.. i've had some difficulty logging in... I have to log in 3 times to get to the home page! I get the error message to update my account settings or log in! but
at the third attempt, I finally get in...
Ok, so it looks like I have been successful in the latest attempt to get all of our members logged back into the website.
Yesterday was one of the worst days this year of problem solving for ChrstianBlog.Com and than hours and hours of development.
As of the close of day today, I only got a single email from somebody who said they could not log into their account, and than later was able to on their own.
If you are a member who has not yet contacted me about not being able to log into the website, or maybe you have and I missed your message, the key to getting access to your website is to head to the [internallink=http://www.christianblog.com/resetpassword.php]Password Reset[/internallink] page and go through the process of resetting your password. Once you have reset your password, you will be able to validate your account and switch to the passphrase system, at which point you will be able to log into your account.
I am very truly sorry to everybody who has had issues with this whole ordeal. Never in my 15+ years of software development have I gone through the type of security change that I recently did with ChristianBlog.Com - there were obviously issues I did not have the fore-knowledge of, that ended up causing major issues. A lesson (actually, a bunch of them) learned for me - and a huge trial for many of you. My utmost apologies.
John B. Abela