Router Forums banner

Status
Not open for further replies.
1 - 20 of 23 Posts

·
Registered
Joined
·
67 Posts
Discussion Starter #1
This is the worse site I am on for password requirements. My bank, credit card, and 401k are easier.

This is a forum, not a financial institution.

Plus it would be nice if the password they sent you to reset your password was a word you could type in.

Why does the reset password have to be so hard?
 

·
Marine Engineer
Doug
Joined
·
4,783 Posts
I definitely understand the frustration!

I have some insane password requirements for work passwords, 16 characters, 3 caps, 3 special, 3 numbers. Change every 90 days and can't use previous 12. The easy way is to make a phrase.

Of course, once you log in here, stay logged in!
 

·
Super Moderator
Joined
·
5,771 Posts
This is the worse site I am on for password requirements. My bank, credit card, and 401k are easier.

This is a forum, not a financial institution.

Plus it would be nice if the password they sent you to reset your password was a word you could type in.

Why does the reset password have to be so hard?
Keep it simple. Make your password "INVALID". Then when you forget it or miss type it, your computer will tell you "Your password is INVALID"!:surprise:>:):grin:
 

·
Retired Moderator
Joined
·
16,385 Posts
This is the worse site I am on for password requirements. My bank, credit card, and 401k are easier.

This is a forum, not a financial institution.

Plus it would be nice if the password they sent you to reset your password was a word you could type in.

Why does the reset password have to be so hard?
We were told maybe a year ago now that the forum had been hacked so the owners decided we needed that level of protection to protect our accounts (most likely their liability for protecting our accounts).
 
  • Like
Reactions: Herb Stoops

·
Registered
Joined
·
577 Posts
Is it documented exactly what the password complexity rules are here now?
I understand the forum owners wanting to cover their potential liability in light of the big password breach last year, but on the other hand the password rules shouldn't be disproportionate to the sensitivity of the account. As the OP points out, an internet forum account isn't a bank or credit card account. If any of the regular members' accounts was taken over by an imposter, I like to think that we'd realise pretty quickly. Like say if someone claiming to be Rick posted pictures of installing insulation in his shop, we'd know something was up right away.

Doug, your employer might be interested in the password guidance that the British government is issuing here now.
https://www.gov.uk/government/uploa...word_guidance_-_simplifying_your_approach.pdf
One of the key passages is:
"Regular password changing harms rather than improves security, so avoid placing this burden on users. However, users must change their passwords on indication or suspicion of compromise".
Most people when they're forced to change a password, just increment a number on the end. Well guess what, an attacker can add 1 as well. It's good that we're finally realising that inventing and remembering secure passwords is really hard, and the more often you make people do it, the worse job they'll make of it.
 

·
Registered
Joined
·
2,323 Posts
  • Like
Reactions: furboo

·
Registered
Joined
·
67 Posts
Discussion Starter #9
What liability? It is a free to use forum. My bank and financial accounts are not as strict. The 10 character limit is required by my credit card either.

Worse is when you ask for a new password they give you a goofy one. Some places give you a simple one that is only good for short time and must be changed
 

·
Administrator
Joined
·
2,131 Posts
This is the worse site I am on for password requirements. My bank, credit card, and 401k are easier.

This is a forum, not a financial institution.

Plus it would be nice if the password they sent you to reset your password was a word you could type in.

Why does the reset password have to be so hard?
Unfortunately, a lot of people use the same password on multiple sites. The reason our password requirements are strong, is to help make member passwords more secure.

You don't have to keep the one you are assigned when you do a password reset though. You can change it to something easier for you to remember, while still using a more secure password.

A good piece of advice, to help in remembering the more complex password, is to do a phrase instead of just randomly adding in the extra requirements.

Example: BoiledCabbageis#1!

How To Change Your Password
 

·
Registered
Joined
·
79 Posts
I use LastPass - a free program - then only 1 (ONE) password to remember (mine is 26 characters) - it fills in your password automatically when you get to a website it has remembered.
Easy, a top rated program. Has a built in web browser for your iPhone/iPad/cell phone, so just open LastPass, and go to your list of websites with passwords, hit launch and it will bring you to the website and automatically log you in.
Used to have to pay to use on your cell phone - but that fee has been dropped.
One WARNING - you had better remember the password for LastPass as if you lose it, they can't get it out for you. They have no way to get your password.
It is Cloud based so you can use LastPass from anywhere in the world and get your passwords.
 

·
Registered
Joined
·
67 Posts
Discussion Starter #14
You don't have to keep the one you are assigned when you do a password reset though. You can change it to something easier for you to remember, while still using a more secure password.

A]
I realize that. But you have to enter that goofy password in order to change it.
 

·
Registered
Joined
·
67 Posts
Discussion Starter #15
I also log on to more then one computer, and have a smart phone. So sometimes I have to enter every time I log on. My home computer I leave logged im.
 

·
Retired Moderator
Joined
·
16,385 Posts
One option is to create a file in something like Wordpad and paste the password there and that way you can copy and paste it when you need it. It can be as complicated as you want thjen and it won't matter cuz you don't have to remember it. Just don't label the file as Password.
 
  • Like
Reactions: Nickp

·
Registered
Joined
·
544 Posts
I also use LastPass for just about everything online:

http://www.lastpass.com

...except I don't store things like my online banking password.

What frustrates me most about routerforums is the autologout is way too short. Seems like 30 minutes and should be 12 hours. I mean come on, are people really that worried about inadvertently staying logged in and having a family member post messages in your name???
 

·
Official Greeter
Ross
Joined
·
8,327 Posts
Rob, if I'm reading your post correctly why not put a tick in the remember me box and stay logged in. Just saying.
 

·
Registered
Joined
·
1,614 Posts
Rob, if I'm reading your post correctly why not put a tick in the remember me box and stay logged in. Just saying.
I regularly tick "remember me" and it works a few times then gone. I have to sign in again. Don't know why.

Also, I'm not a fan of boiled cabbage. Would it be alright if I used "steamed cabbage" or would that not work ?
 
1 - 20 of 23 Posts
Status
Not open for further replies.
Top