·
Administrator
Joined
·
431 Posts
Discussion Starter #1
Hello all,

Over the next few days we will be implementing some changes to our forum password strength and password expiration policies. To make sure you continue having the best experience possible on the community, we regularly monitor the site and the Internet to keep everyone's account information safe. We've recently become aware of a potential risk to some accounts coming from outside of this community. Just to be safe, we are implementing the following changes to improve security even further:

1) We are asking everyone to change their passwords (and will force a one-time reset). Along with every user on the forum, new passwords will need to be more complex, and can't be simple words (sorry, you can't have "fluffy" as your password anymore!). Please use a password unique to this community. Reusing passwords can expose your account indirectly when other websites (Twitter, LinkedIn, Badoo, etc.) are compromised; and

2) Your passwords will expire on a 365-day basis. When you log in on the 366th day, you will have to change it.

We'll also be sending out an email to users to let them know about the changes, in upcoming weeks.

Thanks all,

Helena

Community Management
 

·
Registered
Joined
·
7 Posts
With all due respect, as a computer expert, I think this policy is a little misguided. Requiring a long, convoluted password, unique to this site, is going to result in an avalanche of forgotten passwords, and "Password Reset" requests. The reasons behind the belief that long passwords with special characters are better are outdated. Such rules evolved to try and stay ahead of password cracking software that basically threw the dictionary at a password file, trying to crack passwords.

In 2016, however, that's not how accounts are hacked. Accounts are hacked because people use the same password across multiple sites, or they write them down, or deliberately give them to someone untrustworthy, or they leave themselves logged in and someone else bellies up to their computer.

If there's been no indication that this site has been hacked, why should everyone be required to come up with a new, extremely-complicated password every 365 days? If a password was secure yesterday, why would it be any less secure today?

The best passwords are ones that are long and easy to remember. They don't have to have special characters in them. Two random words, joined by a couple of numbers, is virtually impossible to crack, yet wouldn't pass the new constraints this site is imposing. Something like "Sicilian911Hamburg" is an extremely secure password, yet super easy to remember. But it would fail the new requirements of this site, because it doesn't have any punctuation or special characters.

I would encourage the admins of this site to reconsider the extremely constricting rules around password selection. A length requirement is fine, or even requiring a mix of upper and lowercase letters, maybe even a number. But beyond that is overkill, and only makes the passwords LESS secure, because people will have to write them down or save them somewhere insecure.

This is a car chat forum. Not a bank.
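
The two kinds of rule debated in this thread, side by side, as an added example that is not part of either post and not the forum's actual validation code. The minimum lengths, the character classes and the small word list are assumptions chosen for illustration; the forum's real rules are not given on this page.

```python
import re

# Constructed stand-in for the "simple words" the announcement bans; a real
# deployment would load a large common/breached-password list instead.
COMMON_WORDS = {"fluffy", "password", "lamborghini", "qwerty", "letmein"}


def composition_policy(pw, min_len=8):
    """Character-class rules (assumed details): every class must be present."""
    failures = []
    if len(pw) < min_len:
        failures.append("too short")
    if not re.search(r"[a-z]", pw):
        failures.append("no lowercase")
    if not re.search(r"[A-Z]", pw):
        failures.append("no uppercase")
    if not re.search(r"[0-9]", pw):
        failures.append("no digit")
    if not re.search(r"[^A-Za-z0-9]", pw):
        failures.append("no special character")
    return failures


def length_policy(pw, min_len=15):
    """Length plus blocklist (assumed threshold), no character-class rules."""
    failures = []
    if len(pw) < min_len:
        failures.append("too short")
    # Drop digits and symbols before the lookup so that decorating a
    # common word ("Fluffy1!") does not hide it from the blocklist.
    core = re.sub(r"[^a-z]", "", pw.lower())
    if core in COMMON_WORDS:
        failures.append("common word")
    return failures


def compare(passwords):
    """Return each password's failures under both policies."""
    return {pw: {"composition": composition_policy(pw),
                 "length": length_policy(pw)} for pw in passwords}


# Constructed samples: the two passwords quoted in the thread plus a
# decorated variant of the first.
SAMPLES = ["fluffy", "Fluffy1!", "Sicilian911Hamburg"]

if __name__ == "__main__":
    for pw, result in compare(SAMPLES).items():
        print(f"{pw!r}: {result}")
```

The policies disagree on the last two samples: the decorated common word satisfies every character-class rule, while the longer password from the post fails only for lacking a special character.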
 

·
Administrator
Joined
·
5,162 Posts
All sites are requiring more complex passwords, so might as well deal with it.

Use Dashlane.com as a password storage. Problem solved.
 

·
Registered
Joined
·
130 Posts
With all due respect, as a computer expert, I think this policy is a little misguided. Requiring a long, convoluted password, unique to this site, is going to result in an avalanche of forgotten passwords, and "Password Reset" requests. The reasons behind the belief that long passwords with special characters are better are outdated. Such rules evolved to try and stay ahead of password cracking software that basically threw the dictionary at a password file, trying to crack passwords.



In 2016, however, that's not how accounts are hacked. Accounts are hacked because people use the same password across multiple sites, or they write them down, or deliberately give them to someone untrustworthy, or they leave themselves logged in and someone else bellies up to their computer.



If there's been no indication that this site has been hacked, why should everyone be required to come up with a new, extremely-complicated password every 365 days? If a password was secure yesterday, why would it be any less secure today?



The best passwords are ones that are long and easy to remember. They don't have to have special characters in them. Two random words, joined by a couple of numbers, is virtually impossible to crack, yet wouldn't pass the new constraints this site is imposing. Something like "Sicilian911Hamburg" is an extremely secure password, yet super easy to remember. But it would fail the new requirements of this site, because it doesn't have any punctuation or special characters.



I would encourage the admins of this site to reconsider the extremely constricting rules around password selection. A length requirement is fine, or even requiring a mix of upper and lowercase letters, maybe even a number. But beyond that is overkill, and only makes the passwords LESS secure, because people will have to write them down or save them somewhere insecure.



This is a car chat forum. Not a bank.

:stupid::stupid::stupid:
:stupid::stupid::stupid:
:stupid::stupid::stupid:


Sent from my iPhone using Tapatalk
 