
Topic: Forum password changes (Read 666 times)

legendary
Activity: 3654
Merit: 8909
https://bpip.org
March 24, 2016, 10:48:45 AM
#10
Forced password change is a 1980s security practice when looking over one's shoulder may have been an issue but it's nearly useless these days. It won't help if users are prone to reusing their passwords, they'll just do

password01
password02
password01
password02

A somewhat more robust approach is 2FA although it still creates issues as users lose their 2FA devices etc. Ultimately it's up to the user to choose a strong password and to keep it secure - there is only so much babysitting you can do.
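The password01/password02 cycle described in the post above, as an added example that is not part of the original thread: a forced-rotation policy with a shallow history check accepts the whole cycle, while comparing the stem of the new password with the current one catches the increment. The `RotationPolicy` class, the `stem` heuristic and the PBKDF2 parameters are assumptions made for illustration.

```python
import hashlib, hmac, os, re

def _hash(password: str, salt: bytes) -> bytes:
    # History entries are stored as salted PBKDF2 hashes, never as plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def stem(password: str) -> str:
    # Hypothetical heuristic: drop trailing digits/symbols and case,
    # so "password01" and "Password02!" both reduce to "password".
    return re.sub(r"[\d\W_]+$", "", password).lower()

class RotationPolicy:
    def __init__(self, history_depth: int = 1):
        self.history_depth = history_depth
        self.history = []  # (salt, hash) pairs, newest last

    def _reused(self, candidate: str) -> bool:
        recent = self.history[-self.history_depth:] if self.history_depth else []
        return any(hmac.compare_digest(_hash(candidate, s), h) for s, h in recent)

    def change(self, current, new: str, check_similarity: bool = False) -> str:
        """Return "ok", "reused" or "increment" for one change request."""
        if self._reused(new):
            return "reused"
        # The change form receives the current password in plaintext, so the
        # two stems can be compared without weakening the stored hashes.
        if check_similarity and current and stem(new) and stem(new) == stem(current):
            return "increment"
        salt = os.urandom(16)
        self.history.append((salt, _hash(new, salt)))
        return "ok"

def simulate(sequence, history_depth: int, check_similarity: bool):
    policy, current, results = RotationPolicy(history_depth), None, []
    for pw in sequence:
        result = policy.change(current, pw, check_similarity)
        results.append(result)
        if result == "ok":
            current = pw
    return results

# Constructed sample: the rotation pattern from the post.
CYCLE = ["password01", "password02", "password01", "password02"]

if __name__ == "__main__":
    print(simulate(CYCLE, 1, False))  # shallow history only
    print(simulate(CYCLE, 2, False))  # deeper history
    print(simulate(CYCLE, 1, True))   # history plus stem comparison
```

A deeper history only pushes the user on to `password03`; the stem comparison is what rejects the increment itself.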
global moderator
Activity: 3990
Merit: 2713
March 24, 2016, 05:15:07 AM
#9
If someone gets their account hacked then they get it hacked. Forcing people to change their password isn't going to stop them especially when most of the hacks come from users getting phished or downloading malware. It will likely just cause more problems as it will lead to users forgetting it as well.
full member
Activity: 239
Merit: 101
March 24, 2016, 05:14:13 AM
#8
Problem with this is the flawed assumption that changing passwords equates to selling or hacking accounts.

This logic is flawed. I should be able to change my account password whenever without being accused of something sinister.

That could be a reason some people don't change their password, as they don't want to look untrustworthy, who knows.
full member
Activity: 145
Merit: 100
March 24, 2016, 05:08:16 AM
#7
Problem with this is the flawed assumption that changing passwords equates to selling or hacking accounts.

This logic is flawed. I should be able to change my account password whenever without being accused of something sinister.

hero member
Activity: 493
Merit: 500
Sarthak's a dumb girl
March 24, 2016, 05:06:41 AM
#6
The forum can do without it. If people are foolish enough to have their pass stolen, they will learn about it the hard way. 2FA is soon to come in the new forum though.
legendary
Activity: 1302
Merit: 1025
March 24, 2016, 05:02:32 AM
#5

With the amount of hacked accounts going on in here, why don't these forums implement users to change their pass every 1-3 months and have their original pass expire?
I don't think it's necessary for the forum to implement this. Not all people like their password being changed from time to time, especially those who have a hard time remembering theirs. What could be an idea similar to this is that the forum could implement a warning that a password should be changed over time so that a user can be reminded.
Too many folks like to use the same pass for every forum, what do you think?
Most users use the same password for a reason. Well, I know it's unsecured, but for some people it's much better to have only one password to remember than to forget everything every time. The thing is, I think people should just create a really strong password so other people can't guess it, and as a user it is the user's responsibility to secure his data on his computer.
hero member
Activity: 1638
Merit: 756
Bobby Fischer was right
March 24, 2016, 05:02:23 AM
#4
Definitely a good idea.
Heard some rumours about forum 2.0. If they're still working on it, I'm sure it will be implemented there.
Too much work with this one, I guess; password change today is kinda buggy, unclear at least to me.
We have to wait for the new version of bitcointalk.
hero member
Activity: 1372
Merit: 503
March 24, 2016, 05:00:02 AM
#3
I agree, but you'll likely be hacked if you use the same password for every forum you joined.
legendary
Activity: 1092
Merit: 1000
March 24, 2016, 04:59:09 AM
#2
With the amount of hacked accounts going on in here, why don't these forums implement users to change their pass every 1-3 months and have their original pass expire? I remember seeing this in blackhatworld, at first I was annoyed having to change the pass every so often but I didn't mind and I can see why they do this now. Too many folks like to use the same pass for every forum, what do you think?

Well, the main problem is that the security log is used to identify changed passwords, and this change is used to identify hacked/sold accounts and prevent users from getting scammed. Also, a lot of users don't log in for weeks/months, which might lead to forgotten passwords and lots of password reset requests for the admin.

Personally, I always encourage users to use a password manager (I use KeePass), and generate a unique password per service.
full member
Activity: 239
Merit: 101
March 24, 2016, 04:52:35 AM
#1
With the amount of hacked accounts going on in here, why don't these forums implement users to change their pass every 1-3 months and have their original pass expire? I remember seeing this in blackhatworld, at first I was annoyed having to change the pass every so often but I didn't mind and I can see why they do this now. Too many folks like to use the same pass for every forum, what do you think?