Changing Our Password Policy
When I first started these forums nearly 4 years ago, password security was the last thing on my mind. These days, I think about it on a regular basis. Over the last couple of years, various websites have been hacked into, and passwords exposed or cracked.

We've had a very lax password policy so far, with a minimum password length of 8, and absolutely no requirement for complexity. A password of "password" is allowed, for example.

A few days ago, I decided to test how secure our passwords really were, and simulated an attack. I downloaded the password hashes and salts (a value that adds security to a password) from the database, in an anonymized fashion (that is, I did not know which hash corresponded to which user). I then used a cracking program on them with a large password dictionary (over 16 million common passwords) and let it run.

A few hours later, 1,336 out of the 3,670 I'd downloaded were cracked. That means that 36.4% of the passwords were found in a commonly used password dictionary. A brute-force attack on the others was not carried out, but I predict it would have cracked more.

I informed the staff, and we've agreed that due to these results, our password policy needs to change, and we're going to enforce the change on all of our current users. In a few days, I will change the password policy such that all passwords will require complex characters (upper / lower case letters and numbers), and must be over 12 characters in length. We will then force users to change their passwords before they can use the site again.

We are giving this advance warning so that our active users are not caught out and confused by the change. If you want to create a complex and memorable password, I suggest using a passphrase (see my article on the subject). I would also recommend using an online password manager like LastPass and using a different password on each website.

Feel free to ask any questions you might have.

- Atheist Forums Staff

Update: Due to a large number of complaints, this no longer applies. If your account gets hacked, it is your own fault.
Update #2: Ignore that last update. If you don't care about other people's security, kindly fuck off.
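
The policy announced above (over 12 characters, with upper and lower case letters and numbers) written as a server-side check. This is an added example, not part of the original post or the forum's software. It also rejects passwords that reduce to a common-dictionary entry, because a password such as `Password12345` satisfies the composition rules on its own. The function names, the tiny blocklist and the normalisation step are assumptions made for illustration.

```python
import re

MIN_LENGTH = 13  # the post requires "over 12 characters"

# Constructed stand-in for a common-password dictionary (the post's audit used
# one with over 16 million entries); a real check would load a wordlist file.
COMMON_PASSWORDS = {"password", "letmein", "qwerty", "iloveyou", "atheist"}


def _strip_decorations(password):
    """Lower-case and drop leading/trailing digits, spaces and punctuation."""
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", password.lower())


def check_password(password, blocklist=COMMON_PASSWORDS):
    """Return a list of policy violations; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    # Composition rules from the post (ASCII character classes only).
    if not re.search(r"[a-z]", password):
        problems.append("no lower-case letter")
    if not re.search(r"[A-Z]", password):
        problems.append("no upper-case letter")
    if not re.search(r"[0-9]", password):
        problems.append("no digit")
    # Hypothetical extra rule: a dictionary word with digits bolted on passes
    # the composition rules but is still a dictionary-derived password.
    if password.lower() in blocklist or _strip_decorations(password) in blocklist:
        problems.append("based on a common password")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ("password", "Password12345", "Purple Otter Reads 42 Maps"):
        print(repr(candidate), check_password(candidate) or "accepted")
```
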



Messages In This Thread
Changing Our Password Policy - by Tiberius - July 19, 2012 at 11:48 am
