Forced Password Changes

[Nebulous's iconNebulous]

On one forum I go to, it forces users to change their password every 180 days (or whatever)...



Do you think this is a good idea? Does it help a particular members security? Or just an annoying precaution?

 

[Jazzy]

That's very annoying and I don't like that one bit. I use the same password on all my forums. If I felt one of my accounts had been compromised, then I would have no choice but to ask to have it changed.

 

[Evil Eye]

I read something about how this actually makes it harder for people to remember their own passwords, thus causing more trouble than it saves.

It is a giant pain...

I use the same password on all my forums.

That's just a bad idea...

 

[DrLeftover]

At work I have to use strong passwords, most with symbols (#$&!) and CAPS as well as lowercase letters, and at least eight characters in them.



And we are forced to change them every so often.



And you CAN NOT re-use the same password for something like 36 months.



And the various servers and systems will not let you use stuff like P@ssword_2012 if you used Passw0rd_2011. You'll get a bile filled warning that they are too similar and if you do it again it will email the password police.



And you are not supposed to write them down and leave them on a sticky note under your keyboard, or have Windows remember them. Both can get you jacked by security if you're caught doing it. Unless you're Senior Management, of course.





The last go around I had I used Cigars$1979 for one of them.



Then I had to change it in 45 days.



Now, I understand all this. We are logging into secure systems, including the Big Computer, as well as communications systems used by 911, and vital records and what not.



Yes, it should be secure.



But a FORUM?



A bit excessive don't you think?

 

[Evil Eye]

But a FORUM?



A bit excessive don't you think?

That would depend. A big company's forum should be secure. I'm not so sure this is the right way, but they could get sued if something happens.

 

[Evil Eye]

But a FORUM?



A bit excessive don't you think?

That would depend. A big company's forum should be secure. I'm not so sure this is the right way, but they could get sued if something happens.

 

[Scarbo]

I'd probably change it, then forget. In fact I would. 180 days isn't too bad, I've had some forums force it every 1-3 weeks!

 

[Progrumz]

Maybe it's a good idea, but I don't think forcing it on members is a great idea. Most would probably see it as more of an annoyance than anything. My school forces us to change our password for their network every three months, and it's extremely annoying. It's probably necessary, though, considering the fact that most of the students probably use passwords like 1234 or something. XD

 

[Evil Eye]

It's probably necessary, though, considering the fact that most of the students probably use passwords like 1234 or something. XD

Been there done that

I used 'password' as a password and kept adding extra exclamation marks each time they made me change it. There was nothing of value on there, it was horribly pointless.

 

[Ashley]

As far as I can remember, I've only been forced to change my password once in my time on forums. There was this huge security breech on a site I was a member of, something about a stolen database or something, and it still had it like where all the members were logged in on both databases, or the passwords were the same, so you could be posting on the real forum, and the theif could post as you on the spoof site. Sort of a fool-proof way of being hacked, I guess you could say. We also had the option of changing our usernames as well, and I thought, just for security's sake, I would change both my username and password, so the theif couldn't post as me on the stolen database. It seemed to work, as we heard nothing more after the original incident.