What's with the password requirements?

h4ldol

Well-known member
Sep 15, 2011
I've been a long-time lurker who finally registered today, and I was surprised at the strength of password requirements for just an online message board. Is it really necessary to make users/members use both a capital case character and a symbol/non-alphanumeric character? It's a bit annoying and I don't really understand what kind of rationale would necessitate such a stringent requirement for password strength. None of my online bank/utility/shopping accounts have that level of password requirement, so it seems odd that this forum does.
 

Cory Streater

Well-known member
Sep 21, 2009
Hi h4ldol. I appreciate your feedback and agree that strong passwords are a huge inconvenience. However, I find that a lot of financial institutions and other companies I do business with are implementing strong password requirements. From an inconvenience standpoint you're lucky that you are doing business with companies that do not have these requirements. From a security standpoint it is much easier for bots and other malicious entities to randomly guess combinations of numbers and letters than the combo you described above.

Minimal strong authentication requirements are in place to protect the boards, e-commerce, and most importantly the members who use these services. I spend a lot of time in Admin type forums and I hear reports all the time of entire boards being defaced because some hacker figured out how to log in to someone's account. In fact I would consider using something even stronger than an Abcdefjh! type password. Here's a good one for you:

2mo3J'm55uD';6F143O3Gn;wX"Nf51

:p

I personally use a password keeper type program to help me manage the various passwords I use.
 

h4ldol

Well-known member
Sep 15, 2011
Thanks for the reply and the password suggestions... I actually chose one of them (but I'm not telling which one ;) ). At least you don't force us to periodically change it (like the VA system where you have to change every three months and can't use any of the last 20 passwords that you used).
 

Cory Streater

Well-known member
Sep 21, 2009
:)

I forgot a really important piece of info. We're about to flip the switch on giving members the ability to use Facebook, Twitter, or Google + accounts to login if that's your preference.

You'll still be required to create an AC account but after that the two will be connected and you can login using the method of your choice.

Again, thanks for speaking up. Always like to hear member feedback.
 

Puzzlegal

Well-known member
Jul 19, 2011
> :)
>
> I forgot a really important piece of info. We're about to flip the switch on giving members the ability to use Facebook, Twitter, or Google + accounts to login if that's your preference.
>
> You'll still be required to create an AC account but after that the two will be connected and you can login using the method of your choice.
>
> Again, thanks for speaking up. Always like to hear member feedback.

Please, please, please don't force us to do this. Google and Facebook already know too much about me. Also, they both use my real name, which I don't use here. Not that I intend to say anything that would embarrass me, but I'd just rather not publish everything about myself in a super-easy-to-track way.

Also, I get why I need a strong password for anything financial, or linked to potentially private information (like health info), but I don't get why I need a strong password for a bulletin board. Surely the board should be set up so that a random user can't do too much damage, and while I suppose my reputation here has some value, honestly, it's not all that much value.

I seem to have been grandfathered into a "weak" password, which is good, as I have limited brain space for "strong" ones. I wouldn't want to waste a strong password on something like this site, and I am leery of re-using strong passwords for multiple places, especially places like this where I don't know if anyone might have access to my password.

I also use weak passwords for mailman mailing lists. So sue me. :shrug:
 

BSG75

Custom User Title
May 11, 2010
> Please, please, please don't force us to do this. Google and Facebook already know too much about me. Also, they both use my real name, which I don't use here. Not that I intend to say anything that would embarrass me, but I'd just rather not publish everything about myself in a super-easy-to-track way.
>
> Also, I get why I need a strong password for anything financial, or linked to potentially private information (like health info), but I don't get why I need a strong password for a bulletin board. Surely the board should be set up so that a random user can't do too much damage, and while I suppose my reputation here has some value, honestly, it's not all that much value.
>
> I seem to have been grandfathered into a "weak" password, which is good, as I have limited brain space for "strong" ones. I wouldn't want to waste a strong password on something like this site, and I am leery of re-using strong passwords for multiple places, especially places like this where I don't know if anyone might have access to my password.
>
> I also use weak passwords for mailman mailing lists. So sue me. :shrug:

You won't have to use the new login option, I am sure.

Also, use LastPass for passwords. Weak passwords are not a good thing. LastPass solves the problem completely. It's a cross-browser plugin.
 

Cory Streater

Well-known member
Sep 21, 2009
1) Facebook is not going to be a requirement; it is an option. I feel the same way you do and will continue to use the credentials I have always used. For others it will be a welcomed convenience.

2) You can use whatever password you want. As you create/type in the password there's a bar that progressively turns from red to yellow to green as the password gets stronger. If you want to use a weak password (red) that is your prerogative. You are not forced to use anything stronger.
 

Puzzlegal

Well-known member
Jul 19, 2011
> You won't have to use the new login option, I am sure.
>
> Also, use LastPass for passwords. Weak passwords are not a good thing. LastPass solves the problem completely. It's a cross-browser plugin.

Thanks.

LastPass would make it pretty much impossible for me to log onto anything at all from work, since I wouldn't even know any of my passwords. Maybe that would be a good thing ;) but I'm not prepared to go there. I'm also a little nervous about putting all my eggs in one basket, so to speak. What if I forget my LastPass password?

I expect solutions like that will become the standard at some point, and we will all have a very secure password that we (effectively) use for everything. But I don't think we are quite there yet.

I am thinking of following the advice of XKCD (which I saw first in the house of a computer scientist I respect, who shared his wifi password with me) and upgrading all my passwords to longer things. Like most people, I don't have to actually type passwords very often because my browser does that for me for everything except the most secure items.
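
An added example, not part of any post in this thread: it compares the capital-plus-symbol rule discussed above with the longer-passphrase approach, using the thread's own "Abcdefjh!" pattern. The `COMMON` list, the other sample passwords and all function names are constructed for illustration.

```python
import math
import string

# Constructed stand-in for a breached-password list (assumption: a real
# check would load a far larger list).
COMMON = {"password", "letmein", "qwerty", "welcome"}

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def charset_size(pw):
    """Alphabet size implied by the character classes present in pw."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in pw))

def brute_force_bits(pw):
    """Upper bound on guessing cost; only reached if every char is random."""
    size = charset_size(pw)
    return len(pw) * math.log2(size) if size else 0.0

def passphrase_bits(words, wordlist_size):
    """Bits for a passphrase of words drawn at random from a list."""
    return words * math.log2(wordlist_size)

def meets_composition_rule(pw):
    """The rule from the thread: one capital letter and one symbol."""
    return (any(c in string.ascii_uppercase for c in pw)
            and any(c in string.punctuation for c in pw))

def is_decorated_common_word(pw):
    """Common word with digits/symbols tacked on, e.g. 'Password1!'."""
    core = pw.lower().strip(string.digits + string.punctuation)
    return core in COMMON

def assess(pw):
    return {
        "rule_ok": meets_composition_rule(pw),
        "common": is_decorated_common_word(pw),
        "max_bits": round(brute_force_bits(pw), 1),
    }

if __name__ == "__main__":
    samples = ("Password1!", "Abcdefjh!", "abcdefj1",
               "mango-copper-violin-sunset")  # constructed samples
    for pw in samples:
        print(f"{pw!r:32} {assess(pw)}")
    print("4 random words from a 2048-word list:", passphrase_bits(4, 2048))
    print("6 random words from a 7776-word list:",
          round(passphrase_bits(6, 7776), 1))
```

"Password1!" satisfies the composition rule yet is flagged as a decorated common word, while the four-word passphrase fails the rule. The `max_bits` figure is only a ceiling for human-chosen strings, so the word-count estimate is the one to use for passphrases.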
 

Jude526

Trusted Member
Dec 13, 2010
I am all too glad to have whatever measures protect my use. I am a prime example of problems being hacked. I use Craigslist when I want to see something. I don't even keep my password on the site and I was hacked months ago. It has been a real mess for me. I have been using Craigslist since 2006 and never had a problem. My emails are being used nationally. Trying to get someone on the site to recognize you have a problem is nearly impossible. Finally was given an email for them, but I need a phone number. It is ridiculous. I never opened a scam email to give out my information. I never fall for that trap. But this has happened and it has been 6 months trying to end it. :mad:

So, be glad you are protected and although it is an inconvenience, I am glad for it.