I feel it is completely unnecessary and causes more problems than good.
Some people are used to this. In sensible servers/job it is mandatory. The problem is to select and remember the new password avoiding repetition.
I turned this on for registered users following the data mining that took place. To ensure everyone changed their passwords.
I'm inclined to leave it enabled to help try and keep the site secure.
:: AthenaOfDelphi :: My Blog :: My Software ::
Curiously, after the site has been hacked, next day someone actually tried to log in to my (unrelated) hotmail account, which was using the same password as on this site, but didn't go through due to 2-stage verification. I don't know if the passwords were hashed and salted here before or not, but nevertheless it was an unnerving coincidence. Now with that 30 day password policy it sounds like this site is phishing for more passwords to be stolen, so I'm actually using unsecure and easy to remember passwords, exactly the opposite of what this policy is trying to achieve. The funny thing is, since there is no SSL, the passwords are transmitted unencrypted, making this policy even more useless than it actually is.
Please disable it.
This is very easy to remember across all sites. Hard enough to crack. Even proof against 30 day reset.
Code:
    // Requires SysUtils for IntToStr.
    function SpecialTransformRule(const aSiteName: String; aPasswordInstance: Integer): String;
    var
      i: Integer;
    begin
      // Every initial (capital) letter of the full words of the domain, reversed,
      // followed by the password instance counter.
      // Alternative rule: every second letter of the domain, reversed.
      Result := '';
      for i := Length(aSiteName) downto 1 do
        if aSiteName[i] in ['A'..'Z'] then
          Result := Result + aSiteName[i];
      Result := Result + IntToStr(aPasswordInstance);
    end;

    function SiteUniquePassword(const aSiteName: String; aPasswordInstance: Integer): String;
    const
      PersonalConstant = 'ABCDEFG'; // Or something a bit better, always the same
    var
      SomeEasyButUniqueMemoryRule: String;
    begin
      // e.g. capital initial letters + counter
      SomeEasyButUniqueMemoryRule := SpecialTransformRule(aSiteName, aPasswordInstance);
      Result := PersonalConstant + SomeEasyButUniqueMemoryRule;
    end;
e.g.
Raw
Const = dog
Domain = PascalGameDevelopment
Instance = 2 (now with new 30 day reset)
Result
dogDGP2
P.S. You don't recall the suffix, just increment until it is right.
P.P.S. Won't do any good to crackers to know your password. Won't work on any other site.
Last edited by Thyandyr; 14-07-2017 at 11:38 PM.
I'm closing this thread! Why?
Contents of this thread are publicly visible (you don't need to be registered or logged in) so talking about site security is basically revealing necessary information to potential hackers and therefore this thread as such is a security risk to PGD.