Changing Our Password Policy

[Cinjin]

I don't want to have to memorize a long-ass password that I don't use for anything else.

You don't have to memorize it. Punch it in and don't log out. I rarely ever used my old password because I just don't log out ... and like you said, it's not like you have to worry about your finances on this site.



and the most important note:

It's just a friggin password people.

[Ace Otana]

My password is now twice as complicated as the last one. Never was worried about my original password. Seeing as it would of taken more than a few guesses and that if guessed wrong three times in a row would alert the mods and me by email. That is what happens if guessed wrong three times?

There is another security system you could add you know. The computer or phone you use to access the site will be recognised as your primary or secondary device and that should someone attempt to log into your account with an unknown device it will alert the staff and me. Facebook has it. Even lets me know if I guessed the password wrong even the once.

Password is just one little stopper, get passed that and I'll be alerted by you using an unknown device.

[Tiberius]

If they did, wouldn't they have made their passwords that strong in the first place.

A lot of users do have strong passwords. 36% of them (possibly more) did not. A compromised user account can result in PM spam, access to personal details, etc. I don't want that to happen; it's a lot of work for staff, and it's annoying for the user(s) involved.

These type of passwords should be used for an account users have money invested in, not a forum site.

People have a lot of personal information in our database. They have private conversations, and some of them even have nude pictures of themselves. Protecting that data is just as important as protecting money. Identify theft exists; blackmail exists.

I don't want to have to memorize a long-ass password that I don't use for anything else.

Don't memorize it then. Password managers exist for a reason. I've written an article about how to create long and memorable passwords though.

[WhatIfGodWasJustAMyth]

I don't want to have to memorize a long-ass password that I don't use for anything else.

You don't have to memorize it. Punch it in and don't log out. I rarely ever used my old password because I just don't log out ... and like you said, it's not like you have to worry about your finances on this site.



and the most important note:

It's just a friggin password people.

That defeats the purpose of the change.
The reason we are upset is because we HAVE to change it.

[Tiberius]

Seeing as it would of taken more than a few guesses and that if guessed wrong three times in a row would alert the mods and me by email. That is what happens if guessed wrong three times?

As far as I'm aware, you get 5 attempts, then you have to wait 15 minutes. Nobody is alerted.

There is another security system you could add you know. The computer or phone you use to access the site will be recognised as your primary or secondary device and that should someone attempt to log into your account with an unknown device it will alert the staff and me. Facebook has it. Even lets me know if I guessed the password wrong even the once.

A nice system, but it tends to be (a) very hard to integrate, and (b) annoying with all the false positives.

---

The reason we are upset is because we HAVE to change it.

The way I see it:

If you already had a secure password, changing it is no biggie; you can simply change it to the same password.

If you didn't have a secure password, your account was potentially hackable, and we're doing you a favour by making you change it.

Like I said before, if you really want to leave, go ahead. I'll point out though that you've had 2 whole days to register any complaints and make a massive fuss, yet apart from a few grumbles, nobody ever really challenged it. To start complaining after we've made the change that we told you we'd make is ridiculous.

[WhatIfGodWasJustAMyth]

Damn I hate you Tiberius. While I still don't agree with you forceing people to change. I know I can't win a debate against you.

You should have asked the community if they thought it should be mandatory.

[Violet]

Damn I hate you Tiberius. While I still don't agree with you forceing people to change. I know I can't win a debate against you.

You should have asked the community if they thought it should be mandatory.

It's hard to win a debate when the other person is right... trust me: I know from experience

He asked your opinions on this two days ago, and several people commented in the thread... to my knowledge: not one of them raised a fuss over it. If someone had, they would have stopped and talked it over first.

[Tiberius]

Pretty sure "Can the community vote on this, you fascist password pig?" is a question:

Feel free to ask any questions you might have.

[LastPoet]

People, can I get some attention?

[Tiberius]

I'm starting to feel like I should have just faked a database breach. Nobody ever complains when Yahoo! or LinkedIn forces people to change their passwords after they were all stolen...