Results 1 to 7 of 7

Thread: 30 day password reset

  1. #1

    30 day password reset

    I feel it is completely unnecessary and causes more problems than good.

  2. #2
    Some people is used to this. In sensible servers/job it is mandatory. The problem is to select and remember the new password avoiding repetition.
    No signature provided yet.

  3. #3
    PGD Community Manager AthenaOfDelphi's Avatar
    Join Date
    Dec 2004
    South Wales, UK
    Blog Entries
    I turned this on for registered users following the data mining that took place. To ensure everyone changed their passwords

    I'm inclined to leave it enabled to help try and keep the site secure.
    :: AthenaOfDelphi :: My Blog :: My Software ::

  4. #4

  5. #5
    Curiously, after the site has been hacked, next day someone actually tried to log in to my (unrelated) hotmail account, which was using the same password as on this site, but didn't go through due to 2-stage verification. I don't know if the passwords were hashed and salted here before or not, but nevertheless it was an unnerving coincidence. Now with that 30 day password policy it sounds like this site is phishing for more passwords to be stolen, so I'm actually using unsecure and easy to remember passwords, exactly the opposite of what this policy is trying to achieve. The funny thing is, since there is no SSL, the passwords are transmitted unencrypted, making this policy even more useless than it actually is.

    Please disable it.

  6. #6
    function SiteUniquePassword(const aSiteName: String): String;
      PersonalConstant = 'ABCDEFG'; // Or something a bit better, always same
      SomeEasyButUniqueMemoryRule: String;
      SomeEasyButUniqueMemoryRule := SpecialTransformRule(aSiteName);  // e.g. Capital Initial Letters + Counter.ToString;
      Result := PersonalConstant + SpecialTransformRule;
    function SpecialTransformRule(const aSiteName:string):string;
      //  result = every second letter of domain reversed + PasswordInstance.ToString;
      result = every initial letter of full words of domain, reversed + PasswordInstance.ToString;
    This is very easy to remember across all sites. Hard enough to crack. Even proof against 30 day reset.

    Const = dog
    Domain = PasgalGameDevelopment
    Instance = 2 (now with new 30 day reset)


    P.S. You dont recall the suffix, just increment until it is right.

    P.S.S Won't do any good to crackers to know your password. Won't work on any other site.
    Last edited by Thyandyr; 14-07-2017 at 11:38 PM.

  7. #7
    I'm closing this thread! Why?
    Contents of this thread are publicly visible (you don't need to be registered or logged in) so talking about site security is basically revealing necessary information to potential hackers and therefore this thread as such is a security risk to PGD.


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
Comodo SSL