Why do we have to keep changing the password? - Page 2
Register
Page 2 of 4 FirstFirst 1234 LastLast
Results 16 to 30 of 54
  1. #16
    V.I.P. Member
    Meat-Head's Avatar
    Join Date
    Oct 2009
    Location
    Meatheadshire (Between London and Scotland)
    Posts
    30,771
    Thanks
    7,908
    Thanked 5,443 Times in 4,296 Posts
    Downloads
    1
    Uploads
    1

    Default

    Quote Originally Posted by satsmo View Post
    I sat through a conference,(not one solely representative of online social media), on just this topic only yesterday and to be perfectly honest the facts and figures do not match up across the board.

    I would love to introduce some form of one time passcode but VB is quite limited and to be honest so are most peoples' time that run forums.

    I appreciate your opinion on the matter of the cons of our current set up, but it is something that has worked quite well for us and many other forums.

    .

    Cool, conference, you could have been moderating DK

    Guessing it would be too much hassle to make it IP address referenced

    e.g. when at home ip address the password CAN be simple 'dawg' 'cat' etc etc, and when at another members gaff, or 'new' computer has to have some kind of 'long' password.

    Like say peoples credit card numbers, so they can donate to DK AND log in in one hit.
    Was Banned For Being Certifiably Insane and Stupid

  2. #17
    DK Veteran
    Join Date
    Jun 2011
    Location
    Last spotted in Wales
    Posts
    695
    Thanks
    0
    Thanked 25 Times in 16 Posts
    Downloads
    12
    Uploads
    0

    Default

    Quote Originally Posted by satsmo View Post
    I appreciate your opinion on the matter of the cons of our current set up, but it is something that has worked quite well for us and many other forums.
    tbh, its more of an interest in why you think regular password changing adds to forum security in any significant way rather than a criticism. My background is in computer security (not forums) so I guess i'm just nosey as to why certain perceptions may be prevelent even though the opposite might actually be true.

    Quote Originally Posted by satsmo View Post
    I would love to introduce some form of one time passcode but VB is quite limited and to be honest so are most peoples' time that run forums.
    Obviously that would be far more secure in terms of account security but, as you hint, it would also be more difficult to set up and maintain and very likely not worth the hassle.

    Ultimately, I suppose you need to ask yourself what it is your trying to protect. User account security should really have little impact on forum security (i'm sure site Admin/Moderators have a somewhat different password policy than standard users) and very few forum 'hacks' actually require an attacker to be logged in.

  3. #18
    Administrator
    Devilfish's Avatar
    Join Date
    Feb 2008
    Location
    /cdk
    Posts
    8,986
    Thanks
    66
    Thanked 1,301 Times in 196 Posts
    Downloads
    291
    Uploads
    112

    Default

    Haven't read this full thread so apologies for that. We enabled the password change option because I had a few people coming to me saying their account had been hacked or password guessed and could I sort it out, change their password back, change their email address, etc. Now I'm presented with the question of is this person the real account holder and are they who they say are? To cut short, it's a pain the ass for me to sort out. It's not a solution, people will still pick weak passwords for whatever reason. But it's an additional security feature. Most of the time it's not the forum account that's been compromised, it's been the members email address and they managed to reset the forum password using that.

    In any case, I'm not planning to disable it so please just change it when asked.
    Get Digital Kaos on your Apple or Android device with Tapatalk

  4. #19
    V.I.P. Member
    Meat-Head's Avatar
    Join Date
    Oct 2009
    Location
    Meatheadshire (Between London and Scotland)
    Posts
    30,771
    Thanks
    7,908
    Thanked 5,443 Times in 4,296 Posts
    Downloads
    1
    Uploads
    1

    Default

    Quote Originally Posted by Devilfish View Post
    Now I'm presented with the question of is this person the real account holder and are they who they say are? To cut short, it's a pain the ass for me to sort out..

    cool, your the boss so can't argue but does it not show up ip address, if if somebody else is trying to access another account does it not flag up.


    Hotmail seems to get hacked a lot, no matter what password you use!

    Would be nice if a warning popped up?
    Was Banned For Being Certifiably Insane and Stupid

  5. #20
    DK Veteran
    Join Date
    Jun 2011
    Location
    Last spotted in Wales
    Posts
    695
    Thanks
    0
    Thanked 25 Times in 16 Posts
    Downloads
    12
    Uploads
    0

    Default

    Quote Originally Posted by Meat-Head View Post
    ...... but does it not show up ip address, if if somebody else is trying to access another account does it not flag up.
    IP address can be fairly meaningless. Large amounts of people have dynamic IP's which change regularly (standard with ADSL unless you've got static ip) and there are also significant numbers of people using vpn's (probably via another country, making geo-tracing useless).

  6. #21
    DK Veteran
    Join Date
    Jun 2011
    Location
    Last spotted in Wales
    Posts
    695
    Thanks
    0
    Thanked 25 Times in 16 Posts
    Downloads
    12
    Uploads
    0

    Default

    Quote Originally Posted by Devilfish View Post
    Haven't read this full thread so apologies for that. We enabled the password change option because I had a few people coming to me saying their account had been hacked or password guessed and could I sort it out,.......
    That sort of seems to emphasise my point that the average user isn't particularly concerned about security. Unfortunately, from your point of view, there really is no solution as nothing you can do fixes the fundamental problem of people using insecure passwords (especially on the often one-off registration e-mail addresses).

    A better solution might actually be to tell users that lose control of their account that the old account is banned and they must make a new account. It may seem harsh but maybe lessons will be learned......

  7. #22
    V.I.P. Member
    Meat-Head's Avatar
    Join Date
    Oct 2009
    Location
    Meatheadshire (Between London and Scotland)
    Posts
    30,771
    Thanks
    7,908
    Thanked 5,443 Times in 4,296 Posts
    Downloads
    1
    Uploads
    1

    Default

    Quote Originally Posted by TheCoder View Post
    ).

    A better solution might actually be to tell users that lose control of their account that the old account is banned and they must make a new account. It may seem harsh but maybe lessons will be learned......
    that would be fine for leechers, but what about 'high profile' posters



    it would get a bit out of hand asking for DOB and inside leg meausrement etc etc.
    Was Banned For Being Certifiably Insane and Stupid

  8. #23
    Mr. DK DJ
    maca's Avatar
    Join Date
    Feb 2009
    Location
    liverpool
    Posts
    7,723
    Thanks
    486
    Thanked 1,161 Times in 640 Posts
    Downloads
    97
    Uploads
    0

    Default

    You cant download untill you have 5 useful posts that have been thanked ???
    Last edited by maca; 5th July, 2012 at 10:26 PM.

  9. #24
    V.I.P. Member
    Meat-Head's Avatar
    Join Date
    Oct 2009
    Location
    Meatheadshire (Between London and Scotland)
    Posts
    30,771
    Thanks
    7,908
    Thanked 5,443 Times in 4,296 Posts
    Downloads
    1
    Uploads
    1

    Default

    Quote Originally Posted by maca58 View Post
    You cant download untill you have 5 useful posts that have been thanked ???
    chuff, no scrap that if GMB lost his password he would be at it for weeks.

    also means the moderator team spends hours scooping up garbage
    Was Banned For Being Certifiably Insane and Stupid

  10. #25
    Mr. DK DJ
    maca's Avatar
    Join Date
    Feb 2009
    Location
    liverpool
    Posts
    7,723
    Thanks
    486
    Thanked 1,161 Times in 640 Posts
    Downloads
    97
    Uploads
    0

    Default

    Ok i get it stfu maca

  11. #26
    V.I.P. Member
    Meat-Head's Avatar
    Join Date
    Oct 2009
    Location
    Meatheadshire (Between London and Scotland)
    Posts
    30,771
    Thanks
    7,908
    Thanked 5,443 Times in 4,296 Posts
    Downloads
    1
    Uploads
    1

    Default

    Quote Originally Posted by maca58 View Post
    Ok i get it stfu maca
    use the stalk botton you will see it's been suggested a million times and rejected a million times.
    Was Banned For Being Certifiably Insane and Stupid

  12. #27
    Mr. DK DJ
    maca's Avatar
    Join Date
    Feb 2009
    Location
    liverpool
    Posts
    7,723
    Thanks
    486
    Thanked 1,161 Times in 640 Posts
    Downloads
    97
    Uploads
    0

    Default

    Its late i cant be arsed reading

  13. #28
    DK Veteran
    Join Date
    Jun 2011
    Location
    Last spotted in Wales
    Posts
    695
    Thanks
    0
    Thanked 25 Times in 16 Posts
    Downloads
    12
    Uploads
    0

    Default

    Quote Originally Posted by Meat-Head View Post
    that would be fine for leechers, but what about 'high profile' posters.
    If 'high profile' posters cant control their own accounts properly then do they really deserve to be high profile ?

    This is supposed to be a technical forum after all !

    Anyway, lose your 'high profile' account once and your unlikely to let it happen again (assuming it matters to you) so perhaps its a matter of just letting lessons be learned.

  14. #29
    V.I.P. Member haribo's Avatar
    Join Date
    Jun 2008
    Location
    in my car
    Posts
    913
    Thanks
    3
    Thanked 2 Times in 2 Posts
    Downloads
    2
    Uploads
    0

    Default

    Quote Originally Posted by TheCoder View Post
    If 'high profile' posters cant control their own accounts properly then do they really deserve to be high profile ?

    This is supposed to be a technical forum after all !

    Anyway, lose your 'high profile' account once and your unlikely to let it happen again (assuming it matters to you) so perhaps its a matter of just letting lessons be learned.
    Stop it please! i refuse to click thanks on 3rd post of yours tonight, but couldnt have put that better myself

  15. #30
    V.I.P. Member
    Meat-Head's Avatar
    Join Date
    Oct 2009
    Location
    Meatheadshire (Between London and Scotland)
    Posts
    30,771
    Thanks
    7,908
    Thanked 5,443 Times in 4,296 Posts
    Downloads
    1
    Uploads
    1

    Default

    Quote Originally Posted by TheCoder View Post
    If 'high profile' posters cant control their own accounts properly then do they really deserve to be high profile ?

    .

    don't know what happened but our own top shite poster GMB45 his account got hijacked and caused no end of greif for him and team admin.

    my own hotmail and that of Z786 has been hacked (yioutube for it)

    if anybody wishes to store my password for me then it's here

    Supercalifragi-listicexpialidocious.
    Was Banned For Being Certifiably Insane and Stupid

 

 
Page 2 of 4 FirstFirst 1234 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •