Got a credit card? use our Credit Card & Finance Calculators
Thanks to gpadsa,Steffers0,lansdown,Wasron,jfgw, for Donating to support the site
Beware 1st Feb
-
- Site Admin
- Posts: 1458
- Joined: November 3rd, 2016, 11:03 pm
- Has thanked: 10 times
- Been thanked: 502 times
Beware 1st Feb
Passwords require replacing every 90 days on this site. As many of you joined 5th November, thats about then.
I would suggest you go into your control panel ahead of this time and change it. As if i'm hit with a pile of "i forgot" requests, it will take me a while to process you all
I would suggest you go into your control panel ahead of this time and change it. As if i'm hit with a pile of "i forgot" requests, it will take me a while to process you all
-
- Lemon Half
- Posts: 6069
- Joined: November 5th, 2016, 9:05 am
- Has thanked: 20 times
- Been thanked: 1419 times
Re: Beware 1st Feb
stooz wrote:Passwords require replacing every 90 days on this site.
That would be this site's implementation rather than a generic feature of phpbb. Is it really necessary?
-
- Lemon Half
- Posts: 7910
- Joined: November 4th, 2016, 11:24 am
- Has thanked: 7 times
- Been thanked: 3053 times
Re: Beware 1st Feb
stooz wrote:Passwords require replacing every 90 days on this site.
Why? Seems massive overkill for such a site.
-
- Lemon Quarter
- Posts: 4179
- Joined: November 4th, 2016, 9:42 pm
- Has thanked: 1004 times
- Been thanked: 1855 times
Re: Beware 1st Feb
mc2fool wrote:stooz wrote:Passwords require replacing every 90 days on this site.
Why? Seems massive overkill for such a site.
Even TMF didn't have an expiry date for passwords. Login cookies expired, but passwords never.
-
- Lemon Half
- Posts: 6385
- Joined: November 4th, 2016, 11:35 am
- Has thanked: 1882 times
- Been thanked: 2026 times
Re: Beware 1st Feb
Given the minimal damage a single normal user could do, having an enforced reset period is probably unnecessary.
-
- Lemon Slice
- Posts: 470
- Joined: November 8th, 2016, 1:42 pm
- Has thanked: 223 times
- Been thanked: 210 times
Re: Beware 1st Feb
I had enough trouble trying to come up with a password the first time round...
"Password must be between 8 characters and 30 characters long, must contain letters in mixed case and must contain numbers."
I imagine forcing a password change will put off most lurkers like me. Is it absolutely necessary?
"Password must be between 8 characters and 30 characters long, must contain letters in mixed case and must contain numbers."
I imagine forcing a password change will put off most lurkers like me. Is it absolutely necessary?
-
- Lemon Slice
- Posts: 409
- Joined: November 4th, 2016, 10:43 am
- Has thanked: 187 times
- Been thanked: 156 times
Re: Beware 1st Feb
As has already been said that is massive overkill and will be hugely detrimental, and as Alaric said this must surely be a configurable feature,
Stooz please make this your number one priority to change.
Stooz please make this your number one priority to change.
-
- Lemon Quarter
- Posts: 2303
- Joined: November 4th, 2016, 4:20 pm
- Has thanked: 1906 times
- Been thanked: 870 times
Re: Beware 1st Feb
I too think enforced password changes are unnecessary.
Please reconsider.
Staffordian
Please reconsider.
Staffordian
-
- Lemon Half
- Posts: 6139
- Joined: November 4th, 2016, 1:12 pm
- Has thanked: 1589 times
- Been thanked: 1801 times
Re: Beware 1st Feb
It seems the 90 day forced password change option has been selected by stooz but can be amended or disabled, if I've understood this correctly:
https://www.phpbb.com/support/docs/en/3 ... al_server/
Extract:
"FORCE PASSWORD CHANGE
It is always ideal to change passwords once in a while. With this setting, you can force your users to change their passwords after a set number of days that their passwords have been used.
Only integers can be entered in the text box, which is located next to the DAYS label. This integer is the number of days that, after which, your users will have to change their passwords. If you would like to disable this feature, enter a value of "0"."
https://www.phpbb.com/support/docs/en/3 ... al_server/
Extract:
"FORCE PASSWORD CHANGE
It is always ideal to change passwords once in a while. With this setting, you can force your users to change their passwords after a set number of days that their passwords have been used.
Only integers can be entered in the text box, which is located next to the DAYS label. This integer is the number of days that, after which, your users will have to change their passwords. If you would like to disable this feature, enter a value of "0"."
-
- Lemon Half
- Posts: 9129
- Joined: November 4th, 2016, 1:16 pm
- Has thanked: 4140 times
- Been thanked: 10032 times
Re: Beware 1st Feb
staffordian wrote:
I too think enforced password changes are unnecessary.
Please reconsider.
Staffordian
I've got to agree with that, and would go further to suggest that keeping such functionality active would lead to some users actually migrating away from the board. We've all got enough passwords in our lives, and I can't really see the benefit of a 90-day-rule for a bulletin board. I've had the same password with my bank for over 15 years now!
I'd suggest turning off all requirements to change a password once set-up, other than allowing a user to do so if they wish to themselves.
Certainly seems to be a case of the downsides to such a requirement completely overwhelming whatever positive benefit doing so might bring, and as many people have already said - TMF managed to allow users to keep their passwords indefinitely, with no detrimental effects as far as I'm aware.
Are you open to turning the requirement off Stooz?
Glad you brought it up, mind!
Cheers,
Itsallaguess
-
- Lemon Quarter
- Posts: 4112
- Joined: November 4th, 2016, 9:24 am
- Has thanked: 3261 times
- Been thanked: 2857 times
Re: Beware 1st Feb
Itsallaguess wrote:
I've had the same password with my bank for over 15 years now!
Itsallaguess
Yes, I noticed you never change it
--kiloran
-
- 2 Lemon pips
- Posts: 246
- Joined: November 4th, 2016, 11:00 am
- Has thanked: 726 times
- Been thanked: 103 times
Re: Beware 1st Feb
Stooz, I forgot my original password and you were brilliant sorting it out for me. Please don't make me change it again !
Tricia
Tricia
-
- 2 Lemon pips
- Posts: 195
- Joined: November 4th, 2016, 3:25 pm
- Has thanked: 72 times
- Been thanked: 34 times
Re: Beware 1st Feb
Ye gods, to choose a new password, I'd have to know what the old one was, and I'll never manage that!
-
- Lemon Half
- Posts: 6069
- Joined: November 5th, 2016, 9:05 am
- Has thanked: 20 times
- Been thanked: 1419 times
Re: Beware 1st Feb
Gaggsy wrote:"Password must be between 8 characters and 30 characters long, must contain letters in mixed case and must contain numbers."
Those with a working knowledge of chess openings and notation might wish to consider using these. For example "Spanish" would be e4e5Nf3Nc6Bb5. The sequence e4e5f4 was a plot point in a recent episode of the Morse prequel "Endeavour".
-
- Lemon Quarter
- Posts: 3644
- Joined: November 4th, 2016, 10:00 am
- Has thanked: 564 times
- Been thanked: 1616 times
Re: Beware 1st Feb
I always find a requirement to change passwords frequently is considerably LESS secure. Because everyone needs to write them down to remember them.
Gryff
Gryff
-
- Lemon Quarter
- Posts: 2001
- Joined: November 4th, 2016, 10:25 am
- Has thanked: 223 times
- Been thanked: 475 times
Re: Beware 1st Feb
I agree that it seems overkill, albeit good security practice. I presume the system doesn't store old passwords so there's presumably nothing to stop one changing it to a new password and immediately back to the previous one?
-
- Lemon Quarter
- Posts: 2081
- Joined: November 4th, 2016, 11:53 am
- Has thanked: 3203 times
- Been thanked: 417 times
-
- Lemon Quarter
- Posts: 2081
- Joined: November 4th, 2016, 11:53 am
- Has thanked: 3203 times
- Been thanked: 417 times
Re: Beware 1st Feb
chas49 wrote:I agree that it seems overkill, albeit good security practice. I presume the system doesn't store old passwords so there's presumably nothing to stop one changing it to a new password and immediately back to the previous one?
===
i wouldnt bet on it .
-
- Lemon Quarter
- Posts: 2368
- Joined: November 4th, 2016, 8:46 pm
- Has thanked: 527 times
- Been thanked: 1013 times
Re: Beware 1st Feb
Where *is* the control panel, anyway? What does it look like? I see the little "gear cog", but it doesn't have a password option that I can see.
MDW1954
MDW1954
-
- Lemon Quarter
- Posts: 2303
- Joined: November 4th, 2016, 4:20 pm
- Has thanked: 1906 times
- Been thanked: 870 times
Re: Beware 1st Feb
MDW1954 wrote:Where *is* the control panel, anyway? What does it look like? I see the little "gear cog", but it doesn't have a password option that I can see.
MDW1954
Ckick on the small arrow beside your username at the top of the page (not sure if its there on every page, but it's certainly on some...)
Then go to profile, edit account settings.
Staffordian
Return to “Room 102 - Site Issues, Complaints & General Chat”
Who is online
Users browsing this forum: No registered users and 12 guests