Results 1 to 6 of 6

Thread: If you had it enough, just cycle between two passwords

  1. #1

    Angry If you had it enough, just cycle between two passwords

    Anyone who is annoyed at the stupid password obsolescence, join me in making two passwords and just swapping them every time this website demands you to change your password!

    It works! It saves you time and effort!

    This mechanism worked as a quick fix after the break-in, but now it is just a hack that doesn't even help much with security.

  2. #2
    Quote Originally Posted by Chebmaster View Post
    Anyone who is annoyed at the stupid password obsolescence, join me in making two passwords and just swapping them every time this website demands you to change your password!

    It works! It saves you time and effort!

    This mechanism worked as a quick fix after the break-in, but now it is just a hack that doesn't even help much with security.
    I'm irritated by the forced password change as well.

  3. #3
    PGD Community Manager AthenaOfDelphi's Avatar
    Join Date
    Dec 2004
    Location
    South Wales, UK
    Posts
    1,245
    Blog Entries
    2
    Suffice to say, the general policy in the places I've worked that have to comply with security guidelines from the government here in the UK is to have enforced password changes. That is good enough for me, regardless of what other advice I may be given here.

    However, since this appears to be a bone of contention that is obviously causing people issues, I've turned off enforced password changes.
    :: AthenaOfDelphi :: My Blog :: My Software ::

  4. #4
    the reason why most governments request usage of enforced password change is to lower teh chance of breaking the password by brute-forcing it. But enforced password change alone isn't enough. You also need a system which will lock certain user when wrong password has been entered for certain umber of times when attempting to log in with that user account. Now as far as I know vBulletin does not support this feature.

    Also you should note that while forced password change can increase the security when used properly with combination of wrong password entry protection as discussed above it can be very annoying to the users especially if they are log in just a few time during the enforced password change interval as it is probably with most PGD users.
    Not to mention that enforced password change in most cases cause for people to actually chose overall less secure password with an ever incrementing number being part of it or simply go and switch between two of them if system allows it.

  5. #5
    On a side note: I am grateful for the forum and thank the people maintaining it.

  6. #6
    Quote Originally Posted by Chebmaster View Post
    Anyone who is annoyed at the stupid password obsolescence, join me in making two passwords and just swapping them every time this website demands you to change your password!

    It works! It saves you time and effort!

    This mechanism worked as a quick fix after the break-in, but now it is just a hack that doesn't even help much with security.
    I'm just confused when I enter the password twice and it says it's wrong. Then I remember I changed it and it works. Not very annoyed (using auto-login) but I understand you.
    No signature provided yet.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •