'Change your password' annoyance and forum settings

[carrace]

"Your password is ... old, and has therefore expired."

Quote:

(I'm not allowed to paste links, so Google for the article "Choosing Secure Passwords" on Bruce Schneier's blog, Posted on March 3, 2014.)

"Don't bother updating your password regularly. Sites that require 90-day -- or whatever -- password upgrades do more harm than good. Unless you think your password might be compromised, don't change it."

Also: (I'm not allowed to paste links, so pls. also Google for the article "Changing Passwords" on Bruce Schneier's blog, Posted on November 11, 2010.) See the bottom line there.

So clearly, who designed BlackHatWorld Forum's annoying 'change your password' feature doesn't know that much about passwords and security than Bruce Schneier, the man.

That's not a big problem, we can always learn new things.

But hey! I sincerely hope you here know more about Black Hat SEO and whatnot, than password security.

Thanks, and keep up the good work!

Anyways, I entered my old password in the form, so requesting to change it was basically a useless exercise.

Ps. Pls. Also fix your forum engine that whenever I paste plain text from the clipboard, the cursor doesn't jump to the very end of the text box.

 

[Sherb]

Regarding your first mentioned blog post, I looked at it. The article was literally: how to choose a secure password. The line you mentioned is the only thing mentioned on the password upgrades.

Regarding your second mentioned blog post... it's five years old. Also, this is in the article: "The downside of changing passwords is that it makes them harder to remember. And if you force people to change their passwords regularly, they're more likely to choose easy-to-remember -- and easy-to-guess -- passwords than they are if they can use the same passwords for many years. So any password-changing policy needs to be chosen with that consideration in mind."

Basically it says the downside is that people may get lazy.

Come on, dude.

You're taking one person's opinion from years ago, and spinning to to mean that the entire forum security needs to change. And this is all coming from someone who joined this year and has contributed literal jack shit to the boards in that time.

This line:

"So clearly, who designed BlackHatWorld Forum's annoying 'change your password' feature doesn't know that much about passwords and security than Bruce Schneier, the man."

transforms you from someone who may just be a pretentious college kid who took one security class and thinks they know everything, to an asshole. This line: "Ps. Pls. Also fix your forum engine that whenever I paste plain text from the clipboard, the cursor doesn't jump to the very end of the text box." solidifies that.

I'm about to make a Forum Suggestion that you have to have been a member for a minimum of 12 months and have at least 100 posts to write a new topic in this section.

 

[Repulsor]

Regular password changes is mainly to avoid people from using same password on all accounts. By chance if you use the same password on all your accounts, compromising one of them will expose your BHW account too. With 90 days stuff, it wont be.

So when shit hits the fan, lets see how you are going to deal with it.

 

[Sherb]

Regular password changes is mainly to avoid people from using same password on all accounts. By chance if you use the same password on all your accounts, compromising one of them will expose your BHW account too. With 90 days stuff, it wont be.

So when shit hits the fan, lets see how you are going to deal with it.

This as well. It's covering BHW's ass as well. My white collar job forces me to change my password every 30 days.