Related topics

Better safe than sorry: SourceForge pushes password reset

Site asks users to change up logins in security shakeup

Borked computer keyboard

Open Source software portal SourceForge is asking users to change their passwords following an update to the site's security systems.

The company said that it would require users to choose new passwords upon logging into their SourceForge user accounts.

The move comes as online retail giant eBay continues to wrestle with the fallout from a breach of its systems. That company admitted that it had been compromised, and that attackers were able to access database information that included encrypted passwords and physical address information.

More recently, eBay has moved to ward off claims that the attackers who perpetrated the breach were able to decrypt passwords and are now selling off the lifted data. Regardless, eBay users have been instructed to change their passwords as a precautionary measure.

According to SourceForge, no such breach is behind its decision to require users to change their passwords. Instead, the site said that it was implementing a new security system that will modify the way it handles and stores user credentials.

"To make sure we're following current best practices for security, we've made some changes to how we're storing user passwords," administrators said in a blog post announcing the move.

"As a result, the next time you go to login to your SourceForge.net account, you will be prompted to change your password. Once this is done, your password will be stored more securely."

When contacted, SourceForge said that the password updates were part of a previously plan, but announced security update rather than a reaction to eBay's recent trouble.

In the process of changing passwords, SourceForge is also asking users to choose a secure new password (as opposed to the incredibly weak ones users often select), and the site is reminding users of security best practices such as avoiding untrusted links and never sending password information in emails or entering them into suspicious recovery sites. ®

Sponsored: Designing and building an open ITOA architecture