1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Password change every 46 days? really?

Discussion in 'Forum Suggestions & Feedback' started by eried, Jul 26, 2014.

Thread Status:
Not open for further replies.
  1. eried

    eried Newbie

    Joined:
    Jan 17, 2013
    Messages:
    14
    Likes Received:
    10
    Location:
    Chile
    Home Page:
    I just end using crappy passwords like qwerty123456, and ciclying between them. Struggling to re-login.

    What is the point of this?
     
  2. JoeMongan

    JoeMongan Jr. VIP Jr. VIP Premium Member

    Joined:
    Sep 24, 2013
    Messages:
    1,712
    Likes Received:
    3,553
    Location:
    International Waters
    If you pay attention you will see multiple people experiencing brute force attacks on their accounts.
    Resetting your password is for your security and make sure you use some special characters.
     
  3. eried

    eried Newbie

    Joined:
    Jan 17, 2013
    Messages:
    14
    Likes Received:
    10
    Location:
    Chile
    Home Page:
    I don't see the logic in your answer, a normal secure password (one that I can remember) like qwerty12345$ has more than 10 million combinations, impossible to get via bruteforce if the attempts are limited to a couple dozen a day, not in a millenium.

    Now, having to change every 46 days my password for A DIFFERENT one that I can remember, will only weaken that possibility, the bruteforce attack does not needs to change, he only gets mathematically more chances to get the password every 46 days. Do not tell me that you elaborate a very complex password every 46 days instead using a password with incremental info just to ease your reminder of the last one you used, or even less secure; you write down them.

    This only makes sense where there is a hash leak and that's is another history.

    References:
    pcmag.com/article2/0,2817,2362692,00.asp
    cryptosmith.com/node/218
    sepago.de/e/helge/2009/06/22/how-forcing-password-changes-actually-weakens-security
     
    • Thanks Thanks x 1
    Last edited: Jul 27, 2014
  4. mapp2819

    mapp2819 Regular Member

    Joined:
    May 7, 2011
    Messages:
    390
    Likes Received:
    266
    Occupation:
    Director
    Location:
    London, UK
    For peace of mind, 46 days really isn't an issue for me. There's plenty of similar combinations that can be used with special characters added.
     
  5. Crewchief007

    Crewchief007 Power Member

    Joined:
    May 27, 2009
    Messages:
    730
    Likes Received:
    525
    Gender:
    Male
    Occupation:
    Internet Marketer
    Location:
    Online
    OP, have you ever heard of:


    • Roboform
    • Lastpass
    • Excel spreadsheet

    I haven't typed in a single password since 2005; it sounds like you need to get with modern times.

    Exits thread...
     
    • Thanks Thanks x 1
  6. ShadeDream

    ShadeDream Elite Member

    Joined:
    Nov 27, 2008
    Messages:
    2,209
    Likes Received:
    5,230
    Location:
    He who laughs last, laughs longest.
    OP has a point. :)
     
    • Thanks Thanks x 2
  7. alexa_s

    alexa_s Regular Member

    Joined:
    Feb 6, 2010
    Messages:
    278
    Likes Received:
    85
    Yes, extremely annoying, "your password is 3 seconds old and therefore has expired". Then I have to try 5 times to see which one I changed it to last time. If this is so beneficial to security how come big sites (fb) never do it.
     
    • Thanks Thanks x 1
  8. eried

    eried Newbie

    Joined:
    Jan 17, 2013
    Messages:
    14
    Likes Received:
    10
    Location:
    Chile
    Home Page:
    You forget "All my passwords in plaintext.txt", space age guy. I use chrome sync for the forms and keepass for the bank accounts, but that not my point, you still have to change the password manually.
     
  9. tony20

    tony20 Power Member

    Joined:
    Nov 22, 2008
    Messages:
    725
    Likes Received:
    41
    Gender:
    Male
    Occupation:
    Making mo moneyyyy
    Location:
    Scotland the Brave!!
    I know, I find this very annoying too. Thought there was a setting in my settings that I could changes but doesn't seem to be.
     
  10. popcrdom29

    popcrdom29 Jr. VIP Jr. VIP Premium Member

    Joined:
    May 20, 2008
    Messages:
    807
    Likes Received:
    518
    I hear you, I use Roboform too and almost never manually type in passwords. Changing my PW every 46 days isn't a problem for me, I welcome it.

     
  11. Apricot

    Apricot Administrator Staff Member Moderator

    Joined:
    Mar 26, 2013
    Messages:
    11,962
    Likes Received:
    6,442
    Gender:
    Female
    Occupation:
    BHW Moderator
    Location:
    London
    Home Page:
    While this can be annoying, It's for your own safety. We change the number every now and then and Newbies have the lowest number. Consider becoming a Jr VIP or even donor to extend this time. We don't go out of our way to be awkward, it just minimizes the risks of hacked accounts which in turn lead onto threads being created asking for more security.

    Having said all that, based on feedback, we have now extended the amount of time needed before a password reset is forced for newbies.

    Hope this helps.
     
    • Thanks Thanks x 1
  12. jazzc

    jazzc Moderator Staff Member Moderator Jr. VIP

    Joined:
    Jan 27, 2009
    Messages:
    2,468
    Likes Received:
    10,143
    This is NOT a secure password, it 's easily crackable via a hybrid dictionary attack.
     
Thread Status:
Not open for further replies.