W3C home > Mailing lists > Public > public-digipub-ig@w3.org > February 2014

Fwd: Re: [Security] Requiring Changing W3C Passwords

From: Thierry MICHEL <tmichel@w3.org>
Date: Fri, 28 Feb 2014 14:35:49 +0100
Message-ID: <531090B5.7070301@w3.org>
To: W3C Digital Publishing IG <public-digipub-ig@w3.org>
FYI, All W3C users who have not changed their password
recently should be notified when they interact with protected resources
on our site.

Thierry


-------- Original Message --------
From: Ted Guild <ted@w3.org>
Reply-To: ted@w3.org
To: chairs <chairs@w3.org>
Date: Fri, 28 Feb 2014 08:21:30 -0500



Since this got forwarded to a publicly archived list please go ahead and
inform your groups.  All W3C users who have not changed their password
recently should be notified when they interact with protected resources
on our site as Janina and others experienced.

If your users do not know their current passwords they can recover them
via:

http://www.w3.org/accounts/recover

On Wed, 2014-02-26 at 15:52 -0500, Ted Guild wrote:
> On Wed, 2014-02-26 at 15:39 -0500, Janina Sajka wrote:
> > Tye W3 system prompted me to change my passwd about 2-3 weeks ago. I did
> > so. Am I now OK, or was this breach more recent?
>
> You are OK.  A sizable percent of AC and Chairs have not been
> interacting with resources on our site that require credentials and
> would have triggered the notice you received and acted on.
>
> We want to give Chairs and AC a head start before this gets communicated
> more widely.  I will send a follow up to Chairs list asking they
> encourage their WG participants to change passwords as well.  We will
> also be using the mechanism you noted to get attention of those using
> our site.
>
> https://www.w3.org/users/myprofile/edit/password

-- 
Ted Guild <ted@w3.org>
W3C Systems Team
http://www.w3.org
Received on Friday, 28 February 2014 13:36:10 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:35:48 UTC