
Thread: 30 day password reset

  1. #1

    30 day password reset

    I feel it is completely unnecessary and causes more problems than good.

  2. #2
    Some people are used to this. In sensible servers/jobs it is mandatory. The problem is to select and remember the new password avoiding repetition.

  3. #3
    PGD Community Manager AthenaOfDelphi
    I turned this on for registered users following the data mining that took place, to ensure everyone changed their passwords.

    I'm inclined to leave it enabled to help try and keep the site secure.
    :: AthenaOfDelphi :: My Blog :: My Software ::

  4. #4

  5. #5
    Curiously, after the site was hacked, the next day someone actually tried to log in to my (unrelated) Hotmail account, which was using the same password as on this site, but it didn't go through due to 2-stage verification. I don't know if the passwords were hashed and salted here before or not, but nevertheless it was an unnerving coincidence. Now with that 30 day password policy it sounds like this site is phishing for more passwords to be stolen, so I'm actually using insecure and easy to remember passwords, exactly the opposite of what this policy is trying to achieve. The funny thing is, since there is no SSL, the passwords are transmitted unencrypted, making this policy even more useless than it actually is.

    Please disable it.

  6. #6
    Code:
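    // Needs SysUtils for IntToStr.
    // aPasswordInstance is the counter that goes up with each forced reset.
    function SpecialTransformRule(const aSiteName: String; aPasswordInstance: Integer): String;
    var
      i: Integer;
    begin
      // Alternative rule: every second letter of domain, reversed + PasswordInstance.ToString
      // Rule used here: initial letter of each full word of the domain, reversed
      // + PasswordInstance.ToString. Words are taken to start at capital letters.
      Result := '';
      for i := 1 to Length(aSiteName) do
        if aSiteName[i] in ['A'..'Z'] then
          Result := aSiteName[i] + Result; // prepending reverses the order
      Result := Result + IntToStr(aPasswordInstance);
    end;

    function SiteUniquePassword(const aSiteName: String; aPasswordInstance: Integer): String;
    const
      PersonalConstant = 'ABCDEFG'; // Or something a bit better, always same
    var
      SomeEasyButUniqueMemoryRule: String;
    begin
      // e.g. Capital Initial Letters + Counter.ToString
      SomeEasyButUniqueMemoryRule := SpecialTransformRule(aSiteName, aPasswordInstance);
      Result := PersonalConstant + SomeEasyButUniqueMemoryRule;
    end;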
    This is very easy to remember across all sites. Hard enough to crack. Even proof against 30 day reset.

    e.g.
    Raw
    Const = dog
    Domain = PascalGameDevelopment
    Instance = 2 (now with new 30 day reset)

    Result
    dogDGP2

    P.S. You don't recall the suffix, just increment until it is right.

    P.P.S. Won't do any good to crackers to know your password. Won't work on any other site.
    Last edited by Thyandyr; 14-07-2017 at 11:38 PM.
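
A forced reset tends to produce the counter-style change shown in post #6, and a password-change handler can recognise it because the change form receives both the current and the new password in plaintext (the stored hash alone cannot support this comparison). The following is an added example, not code from the thread or from the forum software; the function names, verdict labels and the distance threshold of 4 are assumptions, and the sample passwords are constructed from the post's "dogDGP2" pattern.

```python
DIGITS = "0123456789"

def split_counter(password):
    """Split a password into (stem, trailing digit run); the run may be empty."""
    stem = password.rstrip(DIGITS)
    return stem, password[len(stem):]

def edit_distance(a, b):
    """Levenshtein distance computed with two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def rotation_verdict(old, new, min_distance=4):
    """Classify a password change submitted at a forced reset.

    min_distance is an assumed threshold, not a value from the thread.
    """
    if old == new:
        return "reused"
    old_stem, _ = split_counter(old)
    new_stem, _ = split_counter(new)
    # Same stem with only the trailing counter (or letter case) changed.
    if old_stem and old_stem.lower() == new_stem.lower():
        return "counter-only"
    # Otherwise flag changes that touch only a few characters.
    if edit_distance(old.lower(), new.lower()) < min_distance:
        return "near-duplicate"
    return "ok"

if __name__ == "__main__":
    # Constructed sample changes, modelled on the post's example.
    samples = [
        ("dogDGP1", "dogDGP2"),
        ("dogDGP9", "dogDGP10"),
        ("dogDGP2", "catDGP2"),
        ("dogDGP2", "unrelated long passphrase"),
    ]
    for old, new in samples:
        print(f"{old!r} -> {new!r}: {rotation_verdict(old, new)}")
```
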

  7. #7
    I'm closing this thread! Why?
    Contents of this thread are publicly visible (you don't need to be registered or logged in) so talking about site security is basically revealing necessary information to potential hackers and therefore this thread as such is a security risk to PGD.
