Forum password changes

[moneybat]

With the amount of hacked accounts going on in here, why dont these forums implement users to change there pass every 1-3 months and have their original pass expire? I remember seeing this in blackhatworld, at first I was annoyed having to change the pass every so often but I didn't mind and I can see why they do this now. Too many folks like to use the same pass for every forums, what do you think?

[Sharma]

With the amount of hacked accounts going on in here, why dont these forums implement users to change there pass every 1-3 months and have their original pass expire? I remember seeing this in blackhatworld, at first I was annoyed having to change the pass every so often but I didn't mind and I can see why they do this now. Too many folks like to use the same pass for every forums, what do you think?

Well, the main problem is that the security log is used to identify changed passwords, and this change is used to identify hacked/sold accounts and prevent users from getting scammed. Also, a lot of users don't log in for weeks/months, which might lead to forgotten passwords and lots of password reset requests for the admin.

Personally, i always encourage users to use a password manager (i use keypass), and generate a unique password per service.

[Kotone]

I agree but youll likely to be hack if you use the same password for every forum you joined.

[poptok1]

Definitely a good idea.
Heard some rumours about forum 2.0. If they still working on it
im sure it will be implemented there.
Too much work with this one, I guess, password change today
is kinda buggy, unclear at least to me.
We have to wait for new version of bitcointalk.

[jacee]

With the amount of hacked accounts going on in here, why dont these forums implement users to change there pass every 1-3 months and have their original pass expire?

I don't think it's necessary for the forum to implement this. Not all people like their password being changed from time to time specially for those who have a hard time remembering theirs. What could be an idea similar to this is that the forum could implement a warning that a password should be change over time so that a user can be reminded.

Too many folks like to use the same pass for every forums, what do you think?

Most users use the same password for a reason. Well, I know it's unsecured but for some people it's much better to have only one password to remember than forget everything everytime. The thing is I think people should just create a really strong password so othe people can't guess it and as a user it is the users responsibility to secure his data on his computer.

[21coin]

The forum can do without it. If people are foolish enough to have their pass stolen, they will learn about it the hard way. 2FA is soon come in the new forum though

[user64]

Problem with this is the flawed assumption that changing passwords equates selling or hacking accounts.

This logic is flawed. I should be able to change my account password whenever without been accused of something sinister

[moneybat]

Problem with this is the flawed assumption that changing passwords equates selling or hacking accounts.

This logic is flawed. I should be able to change my account password whenever without been accused of something sinister

That could be a reason some people don't change their password, as they dont want to look untrustworthy, who knows

[hilariousandco]

If someone gets their account hacked then they get it hacked. Forcing people to change their password isn't going to stop them especially when most of the hacks come from users getting phished or downloading malware. It will likely just cause more problems as it will lead to users forgetting it as well.

[suchmoon]

Forced password change is a 1980s security practice when looking over one's shoulder may have been an issue but it's nearly useless these days. It won't help if users are prone to reusing their passwords, they'll just do

password01
password02
password01
password02

A somewhat more robust approach is 2FA although it still creates issues as users lose their 2FA devices etc. Ultimately it's up to the user to choose a strong password and to keep it secure - there is only so much babysitting you can do.