Page 1 of 2 12 LastLast
Results 1 to 25 of 47

Thread: Password expiration

  1. #1
    Join Date
    Feb 2006
    Location
    Amsterdam
    Posts
    13,692
    Mentioned
    146 Post(s)
    Quoted
    130 Post(s)

    Default Password expiration

    Due to recent events with some "so-called hackers", I've decided to give you guys a very small lecture on security.

    First of all, I've enabled the vBulletin options that forces users to change their passwords every X days. For Registered users and SRL Members (and above), this has been set to 50 days, for now. (It has been set to a relatively low value to force you to change your current password.)

    I noted that recent events caused quite a drama. Usually, "being hacked" is purely the users fault, but to guide you guys in security I enabled this password expiration option, which will force you to set a new password!

    You should use different passwords for each site, and make sure they can't be linked to you in any way. EG: Your favorite toy, your last name, your best friends' name, etc. These are all very weak passwords.

    The only reason you may be "hacked" is because you are using an extremely weak pass, or use the same password on multiple websites/forums.

    Follow this advice and you should generally be safe. I strongly advise every user to use different passwords on each site. I'm sure they've heard of "hacker" stories before. People's bank account being hacked because they use extremely weak passwords, etc.

    I would like to assure you that - as far as I am concerned - the SRL Forums are safe and secure. vBulletin is very secure, and quality software.

    ~Wizz

    PS:
    If more comes to my mind, I will edit my post and add more. Make sure you check this thread again in a few days.



    The best way to contact me is by email, which you can find on my website: http://wizzup.org
    I also get email notifications of private messages, though.

    Simba (on Twitter | Group on Villavu | Website | Stable/Unstable releases
    Documentation | Source | Simba Bug Tracker on Github and Villavu )


    My (Blog | Website)

  2. #2
    Join Date
    May 2007
    Location
    UK
    Posts
    4,007
    Mentioned
    1 Post(s)
    Quoted
    12 Post(s)

    Default

    Sounds like a good idea (the force password change)
    Cheers again Wizzup?

    T~M

  3. #3
    Join Date
    Feb 2007
    Posts
    3,616
    Mentioned
    0 Post(s)
    Quoted
    0 Post(s)

    Default

    It just said that I hadn't changed my password in like 200 something days. I typed in my current password, and then I typed in the same password as the new password, and vbulletin didn't stop me. So it really doesn't force you to change it, but it does remind you.

    Maybe you should make it force people to change it every so often?

  4. #4
    Join Date
    Feb 2007
    Location
    Het ademt zwaar en moedeloos vannacht.
    Posts
    7,211
    Mentioned
    26 Post(s)
    Quoted
    72 Post(s)

    Default

    Already does so: it'll now force you to change it every 50 days

  5. #5
    Join Date
    Feb 2006
    Location
    Amsterdam
    Posts
    13,692
    Mentioned
    146 Post(s)
    Quoted
    130 Post(s)

    Default

    Quote Originally Posted by JAD View Post
    It just said that I hadn't changed my password in like 200 something days. I typed in my current password, and then I typed in the same password as the new password, and vbulletin didn't stop me. So it really doesn't force you to change it, but it does remind you.

    Maybe you should make it force people to change it every so often?
    I can also enable the option that doesn't allow you to use the same password, but I didn't touch this option for the users desperate to keep their old password.



    The best way to contact me is by email, which you can find on my website: http://wizzup.org
    I also get email notifications of private messages, though.

    Simba (on Twitter | Group on Villavu | Website | Stable/Unstable releases
    Documentation | Source | Simba Bug Tracker on Github and Villavu )


    My (Blog | Website)

  6. #6
    Join Date
    Mar 2008
    Location
    New Jersey
    Posts
    1,673
    Mentioned
    1 Post(s)
    Quoted
    9 Post(s)

    Default

    I must of changed my password right before you put this into effect, I changed it today when I learned of people being hacked and someone said we should change password's in the thread, so Vbulletin never made me change my password.

  7. #7
    Join Date
    Feb 2006
    Location
    Amsterdam
    Posts
    13,692
    Mentioned
    146 Post(s)
    Quoted
    130 Post(s)

    Default

    Quote Originally Posted by Baked0420 View Post
    I must of changed my password right before you put this into effect, I changed it today when I learned of people being hacked and someone said we should change password's in the thread, so Vbulletin never made me change my password.
    If you changed it within the last 50 days, it won't bother you.



    The best way to contact me is by email, which you can find on my website: http://wizzup.org
    I also get email notifications of private messages, though.

    Simba (on Twitter | Group on Villavu | Website | Stable/Unstable releases
    Documentation | Source | Simba Bug Tracker on Github and Villavu )


    My (Blog | Website)

  8. #8
    Join Date
    Jul 2009
    Posts
    14
    Mentioned
    0 Post(s)
    Quoted
    0 Post(s)

    Default

    Quote Originally Posted by Wizzup? View Post
    I can also enable the option that doesn't allow you to use the same password, but I didn't touch this option for the users desperate to keep their old password.
    Like if you wanted to keep your 29 character random words+symbols that you pushed yourself to remember. (thats what im going to do.)

  9. #9
    Join Date
    Dec 2006
    Location
    Program TEXAS home of AUTOERS
    Posts
    7,934
    Mentioned
    26 Post(s)
    Quoted
    237 Post(s)

    Default

    aw i like my old 1 lol
    btw yeah never put your password same on every forum and same on rs lol

  10. #10
    Join Date
    Aug 2007
    Posts
    115
    Mentioned
    0 Post(s)
    Quoted
    0 Post(s)

    Default

    This password force changer feature is used also in big corporations on their computers when they change their windows log-in passwords.

  11. #11
    Join Date
    Dec 2007
    Location
    192.168.1.73
    Posts
    2,439
    Mentioned
    6 Post(s)
    Quoted
    119 Post(s)

    Default

    Quote Originally Posted by sapetto View Post
    This password force changer feature is used also in big corporations on their computers when they change their windows log-in passwords.
    Except its generally on a 28 day cycle for them, as they usually store considerably more valuable data.

  12. #12
    Join Date
    Oct 2006
    Location
    Texas
    Posts
    1,450
    Mentioned
    1 Post(s)
    Quoted
    1 Post(s)

    Default

    I havent changed my pass in 763 days

  13. #13
    Join Date
    Jan 2008
    Location
    NC, USA.
    Posts
    4,429
    Mentioned
    0 Post(s)
    Quoted
    4 Post(s)

    Default

    Your password is 509 days old, and has therefore expired.

    Dame, I got beaten.
    Quote Originally Posted by irc
    [00:55:29] < Guest3097> I lol at how BenLand100 has become noidea
    [01:07:40] <@BenLand100> i'm not noidea i'm
    [01:07:44] -!- BenLand100 is now known as BenLand42-
    [01:07:46] <@BenLand42-> shit
    [01:07:49] -!- BenLand42- is now known as BenLand420
    [01:07:50] <@BenLand420> YEA

  14. #14
    Join Date
    Jun 2006
    Posts
    3,861
    Mentioned
    3 Post(s)
    Quoted
    1 Post(s)

    Default

    1115 days. I win.

  15. #15
    Join Date
    Dec 2006
    Location
    Sweden
    Posts
    10,812
    Mentioned
    3 Post(s)
    Quoted
    16 Post(s)

    Default

    Do not ever clear your cookies -> ??? -> PROFIT!

    I have not changed my secure password in almost a year, yet I shall never be asked to enter it again.


    Send SMS messages using Simba
    Please do not send me a PM asking for help; I will not be able to help you! Post in a relevant thread or make your own! And always remember to search first!

  16. #16
    Join Date
    May 2008
    Location
    127.0.0.1
    Posts
    705
    Mentioned
    1 Post(s)
    Quoted
    6 Post(s)

    Default

    hmmm i set my password 381 days ago -.-
    edit: darn bullzeye wins
    <Wizzup> And he's a Christian
    <Wizzup> So he MUST be trusted
    ___________________________________________
    <Wizzup> she sounds like a dumb bitch

  17. #17
    Join Date
    Aug 2007
    Location
    in a random little world
    Posts
    5,778
    Mentioned
    0 Post(s)
    Quoted
    7 Post(s)

  18. #18
    Join Date
    Jul 2008
    Location
    England
    Posts
    763
    Mentioned
    0 Post(s)
    Quoted
    0 Post(s)

    Default

    Meh, only 275 for me.
    lol

  19. #19
    Join Date
    Jun 2009
    Posts
    147
    Mentioned
    0 Post(s)
    Quoted
    0 Post(s)

    Default

    Gimme a year or two and I'll beat all of you

  20. #20
    Join Date
    Aug 2007
    Location
    in a random little world
    Posts
    5,778
    Mentioned
    0 Post(s)
    Quoted
    7 Post(s)

  21. #21
    Join Date
    Jun 2006
    Posts
    3,861
    Mentioned
    3 Post(s)
    Quoted
    1 Post(s)

    Default

    Quote Originally Posted by final_result View Post
    Gimme a year or two and I'll beat all of you
    Mine's already over 3 years

  22. #22
    Join Date
    Jan 2008
    Location
    NC, USA.
    Posts
    4,429
    Mentioned
    0 Post(s)
    Quoted
    4 Post(s)

    Default

    Quote Originally Posted by final_result View Post
    Gimme a year or two and I'll beat all of you
    (Bullzeye)1000 > 365
    (Bullzeye)1000> (365*2)
    Quote Originally Posted by irc
    [00:55:29] < Guest3097> I lol at how BenLand100 has become noidea
    [01:07:40] <@BenLand100> i'm not noidea i'm
    [01:07:44] -!- BenLand100 is now known as BenLand42-
    [01:07:46] <@BenLand42-> shit
    [01:07:49] -!- BenLand42- is now known as BenLand420
    [01:07:50] <@BenLand420> YEA

  23. #23
    Join Date
    Feb 2009
    Posts
    1,447
    Mentioned
    0 Post(s)
    Quoted
    1 Post(s)

    Default

    I just changed my password a few days ago.
    I think its a good idea to force people to change their passwords every once and a while.
    I hope people dont use their name in their password :P
    I guessed this one habbo's pass once and I got into his account. I was only his name and a 1. It was a random guy. So dont be like him. Didnt do anything to his account though.

  24. #24
    Join Date
    Jul 2009
    Posts
    14
    Mentioned
    0 Post(s)
    Quoted
    0 Post(s)

    Default

    You guys are havent a contest over pass change count.... When am i getting my account back???

  25. #25
    Join Date
    May 2008
    Location
    127.0.0.1
    Posts
    705
    Mentioned
    1 Post(s)
    Quoted
    6 Post(s)

    Default

    Quote Originally Posted by tehrealzasz View Post
    You guys are havent a contest over pass change count.... When am i getting my account back???
    ban evade?
    <Wizzup> And he's a Christian
    <Wizzup> So he MUST be trusted
    ___________________________________________
    <Wizzup> she sounds like a dumb bitch

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •