Bitcoin Forum
September 24, 2018, 08:29:44 PM *
News: ♦♦ New info! Bitcoin Core users absolutely must upgrade to previously-announced 0.16.3 [Torrent]. All Bitcoin users should temporarily trust confirmations slightly less. More info.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Forum password changes  (Read 576 times)
moneybat
Full Member
***
Offline Offline

Activity: 239
Merit: 101



View Profile
March 24, 2016, 09:52:35 AM
 #1

With the amount of hacked accounts going on in here, why dont these forums implement users to change there pass every 1-3 months and have their original pass expire? I remember seeing this in blackhatworld, at first I was annoyed having to change the pass every so often but I didn't mind and I can see why they do this now. Too many folks like to use the same pass for every forums, what do you think?
1537820984
Hero Member
*
Offline Offline

Posts: 1537820984

View Profile Personal Message (Offline)

Ignore
1537820984
Reply with quote  #2

1537820984
Report to moderator
Make a difference with your Ether.
Donate Ether for the greater good.
SPRING.WETRUST.IO
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
Sharma
Legendary
*
Offline Offline

Activity: 1092
Merit: 1000


GATCOIN : The New Currency Of Digital Marketing


View Profile
March 24, 2016, 09:59:09 AM
 #2

With the amount of hacked accounts going on in here, why dont these forums implement users to change there pass every 1-3 months and have their original pass expire? I remember seeing this in blackhatworld, at first I was annoyed having to change the pass every so often but I didn't mind and I can see why they do this now. Too many folks like to use the same pass for every forums, what do you think?

Well, the main problem is that the security log is used to identify changed passwords, and this change is used to identify hacked/sold accounts and prevent users from getting scammed. Also, a lot of users don't log in for weeks/months, which might lead to forgotten passwords and lots of password reset requests for the admin.

Personally, i always encourage users to use a password manager (i use keypass), and generate a unique password per service.

.
   █████▄▄▄▄
   ████████████▄▄▄            ▀██████
   ███ ▀▀▀▀█████████▄          ▀█████
   ███         ▀▀▀█████▄         ▀███
   ███              ▀▀████▄▄███    ▀▀
   ███                ▀███████▀
   ███                    █████
   ███     ███▄         ▄███████
   ▐██▌     ▀███▄     ▄███▀  ███
   ▐███       ▀███▄▄ ███▀     ███
    ███▌        ▀████        ▐██▌
     ███         ████         ███
      ███      ▄█████▄       ▐██
       ███   ▄████▀ ▀███▄     ▐██
        ███▄████▀     ▀███▄   ███
         █████▀         ▀███▄████
          ██▀             ▀█████▌
                            ▀███▌
  ██████                      ▀▀
  ▀▀▀███
     ███
█         █   ███
 █        ███  ███  █
███       ███   █  ███
███   █   ███   █  ███
███  ███   █       ███
███  ███   █       ███
 █   ███            █
 █    █             █
█         █   ███
 █        ███  ███  █
███       ███   █  ███
███   █   ███   █  ███
███  ███   █       ███
███  ███   █       ███
 █   ███            █
 █    █             █
             JOIN US             
TELEGRAM TWITTER FACEBOOK
LINKEDIN WHITEPAPER
Kotone
Hero Member
*****
Offline Offline

Activity: 924
Merit: 500



View Profile
March 24, 2016, 10:00:02 AM
 #3

I agree but youll likely to be hack if you use the same password for every forum you joined.


````███▄▄```````````````````````````````▄▄███
````███████▄▄```````````````````````▄▄███████
```███████████▄▄````````````````▄▄███████████
```████``▀▀███████▄▄````````▄▄██████▀▀``████
```████``````▀████████```███████▀▀`````█████
``█████`````````▀▀██████████▀▀`````````█████
``████````████▄`````▀▀██▀▀`````▄▄██```█████
`█████```███████▄▄`````````▄▄██████```█████
`█████```███████████▄``▄██████████````████
`████``````▀▀████████████████████````████
███████▄▄`````▀▀█████████████████````████
``▀▀███████▄▄`````▀▀█████████████````██▀
`````▀▀████████▄▄`````▀███████▀▀
`````````▀▀███████````████▀▀
`````````````▀▀████
vgvv
MODULE
|
|
Report to moderator 
█≣≣≣   SKYFchain   ≣≣≣█▐▃     SKYFchain is the first blockchain based     ▃▌█≣≣≣   BOUNTY   ≣≣≣█
poptok1
Hero Member
*****
Offline Offline

Activity: 966
Merit: 543


★ What is the matrix? ★


View Profile WWW
March 24, 2016, 10:02:23 AM
 #4

Definitely a good idea.
Heard some rumours about forum 2.0. If they still working on it
im sure it will be implemented there.
Too much work with this one, I guess, password change today
is kinda buggy, unclear at least to me.
We have to wait for new version of bitcointalk.

jacee
Legendary
*
Offline Offline

Activity: 1204
Merit: 1021


View Profile WWW
March 24, 2016, 10:02:32 AM
 #5


With the amount of hacked accounts going on in here, why dont these forums implement users to change there pass every 1-3 months and have their original pass expire?
I don't think it's necessary for the forum to implement this. Not all people like their password being changed from time to time specially for those who have a hard time remembering theirs. What could be an idea similar to this is that the forum could implement a warning that a password should be change over time so that a user can be reminded.
Too many folks like to use the same pass for every forums, what do you think?
Most users use the same password for a reason. Well, I know it's unsecured but for some people it's much better to have only one password to remember than forget everything everytime. The thing is I think people should just create a really strong password so othe people can't guess it and as a user it is the users responsibility to secure his data on his computer.
21coin
Hero Member
*****
Offline Offline

Activity: 493
Merit: 500


Sarthak's a dumb girl


View Profile
March 24, 2016, 10:06:41 AM
 #6

The forum can do without it. If people are foolish enough to have their pass stolen, they will learn about it the hard way. 2FA is soon come in the new forum though

user64
Full Member
***
Offline Offline

Activity: 147
Merit: 100



View Profile
March 24, 2016, 10:08:16 AM
 #7

Problem with this is the flawed assumption that changing passwords equates selling or hacking accounts.

This logic is flawed. I should be able to change my account password whenever without been accused of something sinister

moneybat
Full Member
***
Offline Offline

Activity: 239
Merit: 101



View Profile
March 24, 2016, 10:14:13 AM
 #8

Problem with this is the flawed assumption that changing passwords equates selling or hacking accounts.

This logic is flawed. I should be able to change my account password whenever without been accused of something sinister



That could be a reason some people don't change their password, as they dont want to look untrustworthy, who knows
hilariousandco
Cupper Member
Global Moderator
Legendary
*
Offline Offline

Activity: 1778
Merit: 1318


everithyng will be ok


View Profile
March 24, 2016, 10:15:07 AM
 #9

If someone gets their account hacked then they get it hacked. Forcing people to change their password isn't going to stop them especially when most of the hacks come from users getting phished or downloading malware. It will likely just cause more problems as it will lead to users forgetting it as well.

      ▄▄████████▄▄
   ▄████████████████▄
 ▄█████▀▀       ▀▀████                              
▄████▀            ████      ████                  ████
█████           ▄████▀     ████▌                 ▐████
█████           ▀▀▀▀      ▐████                  ████▌    ▄▄
 █████▄                  ▄█████████▀            ▐████   ▄███▀
   ▀█████▄▄        ▄▄███████████▀▀   ▄▄▄▄       ████  ▄███▀     ▄▄▄▄
      ▀███████▄    ▀████▀████▀     ▄████▀███   ▐███████▀▀    ▄███▀ ██▌
         ▀▀██████▄▄     ▐████    ▄████  ▐██▌   ███████     ▄███▀  ▄██▌
    ▄▄▄▄     ▀▀█████    ████    ▄███▀   ███   ▐███▌███    ▐████▄▄███▀
  █████▀▀      ▀████▌  ▐████    ████   ▄███   ████ ▐███   ████
 ████▀          ████▌  ▐████▄▄██████▄▄█████▄▄█████  ▀███  ▀████▄▄▄▄██           ▄████▄  ▄████▄  ██▄██▄██▄
████▌          █████    ▀████▀▀  ▀████▀  ▀██▀ ███▀   ▀███   ▀▀████▀▀           ██▀     ██▀  ▀██ ██  ██  ██
████▄       ▄▄████▀                                   ▀███▄▄      ▄▄██  ▄████▄ ██▄     ██▄  ▄██ ██  ██  ██
 ██████████████▀▀                                       ▀▀█████████▀▀   ▀████▀  ▀████▀  ▀████▀  ██  ██  ██
   ▀██████▀▀▀



▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬
The Bitcoin Casino
▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬
▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄
█                         █
█       ██                █
█      █▄▄█               █
█     █▀  ▀█              █
█                         █
█       ▄▄                █
█     ▄████▄              █
█   ▄████████▄            █
█   ▀████████▀            █
█     ▀████▀              █
█       ▀▀                █
█                         █
█                         █
█                         █
█                         █
▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀
▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮
Provably fair
Free faucet

▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮
▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬
12 exclusive games
And many more...

▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬



                ▄▄
               ▄▀▀
               ▀█
      █▀▄  ▄▄▄▄█▀▀█▄▄ ▄▀█
      █  ▀▀          ▀  █
      █▌        ██▌ █   █▌
      ▐█       ▐█████   ▐█ ▄▄ ▄▄▄
      █▌        ▀▀▀▀     █ █ ▀   █
      █       ▀▄▄▄▄▄▀     ▀    ▄▀
      █         ▀▀           ▄▀
     ▄▀                    ▄▀
   ▄▀                     █
 ▄▀                       █
█   █▄█                   █
 ▀▀▀  █       ▄▄▄▄▄       █
      █       █   █       █
      ▀▄▄▄▄▄▄▄▀   ▀▄▄▄▄▄▄▄▀
suchmoon
Legendary
*
Offline Offline

Activity: 1708
Merit: 1703



View Profile
March 24, 2016, 03:48:45 PM
 #10

Forced password change is a 1980s security practice when looking over one's shoulder may have been an issue but it's nearly useless these days. It won't help if users are prone to reusing their passwords, they'll just do

password01
password02
password01
password02

A somewhat more robust approach is 2FA although it still creates issues as users lose their 2FA devices etc. Ultimately it's up to the user to choose a strong password and to keep it secure - there is only so much babysitting you can do.

Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!