Toyota Prius Forums banner
1 - 4 of 4 Posts

·
Administrator
Joined
·
135 Posts
Discussion Starter · #1 ·
Hello all,

Over the next few days we will be implementing some changes to our forum password strength and password expiration policies. To make sure you continue having the best experience possible on the community, we regularly monitor the site and the Internet to keep everyone's account information safe. We've recently become aware of a potential risk to some accounts coming from outside of this community. Just to be safe, we are implementing the following changes to improve security even further:

1) We are asking everyone to change their passwords (and will force a one time reset). Along with every user on the forum, new passwords will need to be more complex, and can't be simple words (sorry, you can't have "fluffy" as your password anymore!). Please use a password unique to this community. Reusing passwords can expose your account indirectly when other websites (Twitter, Linkedin, Badoo, etc) are compromised; and

2) Your passwords will expire on a 365 day basis. When you login on the 366th day, you will have to change it.

We'll also be sending out an email to users to let them know about the changes, in upcoming weeks.

Thanks all,

Helena

Community Management
 

·
Super Moderator
'17 C 4
Joined
·
637 Posts
I'm sorry but I do NOT agree with this policy.......being enforced for "normal" users.

If an ordinary user's password is compromised, it affects ONLY HIM, right ?? Then it is HIS problem and will not compromise system integrity, right ??

Now.....for Admin accounts that could do some real damage.....manbe a different story.

And.....if the forum software stores passwords in un-encrypted form, then a real system breach might get the passwords too......and how complex they are or how often they have been changed will MAKE NO DIFFERENCE at all.

And lasty, forcing users to change their passwords often usually means that they will have to write them down to remember and that in itself is a REAL security risk, as opposed to the imaginary ones causing you to be paranoid and to contemplate changes that might not be necessary or effective.
 

·
Administrator
Joined
·
135 Posts
Discussion Starter · #3 ·
hey there easy rider!

A good piece of advice, to help in remembering the more complex password, is to do a phrase instead of just randomly adding in the extra requirements. this is something i do usually. :)

Example: BoiledCabbageis#1!

That will stick in your in your mind better as opposed to writing it on a piece of paper. i hope that helps.


also, with regards to changing your password,

You do not need to change your passwords now, As you will be prompted when everything is implemented. I would wait till you are prompted, as you would have to change it again.


cheers,


~Shane
 

·
Super Moderator
'17 C 4
Joined
·
637 Posts
I was prompted today.

Your requirements are so complex that I had trouble typing the same one twice.

And you still did not offer a reason why you think this is necessary.

I do NOT think this is a good policy.
We have scant few members here as it is.
I wouldn't think you would want to risk alienating any of them without GOOD cause.
 
1 - 4 of 4 Posts
This is an older thread, you may not receive a response, and could be reviving an old thread. Please consider creating a new thread.
Top