Why was my password automatically reset?

Before getting too far into the details, it's important to know that this was a proactive security update rather than a reactive update. No data or passwords have been compromised. We have just been taking steps to make sure that we're using the most current security practices. (If you're technically-minded, this migration was to move over to bcrypt.)

Sifter has always used one-way encryption for passwords in our database. This means that we can't see your password, and if someone ever gained access to our database, they wouldn't be able to see your passwords either. However, just because they were encrypted doesn't mean we were using the latest and greatest encryption to ensure they were even safer. Unfortunately, since everyone's passwords were saved with one-way encryption, we couldn't simply decrypt them and re-encrypt them with the stronger encryption.

For most people, we've been updating the passwords silently in the background as they logged into Sifter. When you logged in and provided your password, if it matched , we'd log you in, invisibly encrypt your password with our new encryption and save it at that time.

For a while, we maintained copies of everyone's passwords with both the old encryption and the new encryption so that we could verify your password and generate a version without bothering you. At some point, however, we needed to remove the older less secure versions of the passwords and begin using the new passwords exclusively. So, for anybody who hasn't logged in since we began using the newer encryption, we no longer have your old password, and thus need to generate a new password to send to you.

Once you login with the new password, you can change your password and have everything back to normal knowing that it's now saved with even stronger encryption than before.

Of course, if you have any questions, or need any help, please don't hesitate to get in touch.

Still need help? Contact Us Contact Us