Wojciech Rebis Posted June 9, 2010 Share Posted June 9, 2010 We need to implement password strength, and password reset functionalities on our ipb forums for super-moderators and administrators. I've seen some topics about that on your forums. Do you think of developing these functionalities? If so - when? Link to comment Share on other sites More sharing options...
.Ian Posted June 9, 2010 Share Posted June 9, 2010 Recalling some of the previous threads on this ( ) I think the consensus was that a members account could not be hacked into in order to control the forum, therefore would be of much value to a forum, especially as when people register they are not going to be in power straight away. Perhaps the exception to this would be during install of IPB that the initial username has to have a more complex password. Perhaps the better way is to stress to all people with moderator / admin powers that they need to ensure that their passwords are strong and that they do not contain dictionary words for example and have at least one number in it. Link to comment Share on other sites More sharing options...
Biker.GA Posted June 9, 2010 Share Posted June 9, 2010 All the education in the world won't force a user to change their password. Saw this time and time again while managing security programs in the military. You can educate 'em all you want, but the only way to ensure strong passwords are used is to force it via the program, or issue them yourself. Link to comment Share on other sites More sharing options...
.Ian Posted June 9, 2010 Share Posted June 9, 2010 very true - couldn't even get my users to use the button for youtube - so wouldn't stand a chance on passwords! Link to comment Share on other sites More sharing options...
bfarber Posted June 9, 2010 Share Posted June 9, 2010 I can agree with the points made, but I'm not really in favor of the feature suggestion itself. If I want my password to be 'abc' and I'm a random member of a random site, I should be able to use that as my password. Sure, for banking sites and so on, I want a stronger password, and it's nice they have guidelines to enforce this. But random forum x on the internet shouldn't really dictate to me what password I can use. It's my password, after all. That's just my personal thoughts. Link to comment Share on other sites More sharing options...
Biker.GA Posted June 9, 2010 Share Posted June 9, 2010 I would say for the majority of "normal" users, no, this is not needed. However, the option to force strong passwords for "Staff" would be a nice touch. Especially for those with Admin rights. Link to comment Share on other sites More sharing options...
Wojciech Rebis Posted June 11, 2010 Author Share Posted June 11, 2010 If I want my password to be 'abc' and I'm a random member of a random site, I should be able to use that as my password. Yeah, but if my company's security policy for forum moderators/administrators is to have a strong password, there is no other way than forcing them to do it. You should make it possible to choose to which user groups it will be applied, so that normal users can use 'abc' passwords, while advanced users should use '4bC!*fG' :) I think that an administrator should be able to choose what password strength should users on his forum use. If I have a forum with very important data - I have to be very careful about security issues, including normal and advanced users' passwords. And your point (about random user) isn't a good point, since this feature might be switched off by default. If an administrator thinks that it is needed on his forum - then he can turn it on. Link to comment Share on other sites More sharing options...
bfarber Posted June 11, 2010 Share Posted June 11, 2010 Read my last sentence - these are my *personal* thoughts. Quite frankly when I reach a site with a password security policy, it better have a VERY compelling reason for me to try to come up with a random password I'll never remember (forcing me to either let my browser save it, or writing it down, which in my opinion WORSENS security). Link to comment Share on other sites More sharing options...
SethT Posted June 12, 2010 Share Posted June 12, 2010 How about an inline password strength notifier? Here's Microsoft's example Just as a visual cue for those that care. Link to comment Share on other sites More sharing options...
Robulosity2 Posted June 13, 2010 Share Posted June 13, 2010 http://www.passwordmeter.com/ as well Link to comment Share on other sites More sharing options...
Mr Omicron Posted August 23, 2010 Share Posted August 23, 2010 I would definately like to see some kind of system where admins can set a minimum required password strength e.g 7 characters, 1 capital letter, 1 number etc. @Brandon, Some forums need to be secure and users understand this. Not all forums are there for everyones use and access. If it is a public forum, I agree it is stupid, but some are small community private forums. There really should be an option to do this. At minimum, there should be an option to add a password strength meter which can also be effective as people can see that their password isn't the strongest and might make consideration to beef it up a bit. A lot of people don't understand they have weak passwords until they see something like this. Link to comment Share on other sites More sharing options...
Jυra Posted August 24, 2010 Share Posted August 24, 2010 If someone's password has been comprised, it's been comprised. What I read so far are gimmicks that won't solve that. With forums, it's many times the email account that the member or staff uses that is the cause. Link to comment Share on other sites More sharing options...
Jυra Posted August 24, 2010 Share Posted August 24, 2010 I somehow misspelled compromised? Link to comment Share on other sites More sharing options...
azjordian Posted September 9, 2010 Share Posted September 9, 2010 Hello, I am a user on a Message Board that uses IP 2.3.6. (tcboyle) I have sent in 3x to reset my password, because I recenlty changed it and then forgot where I wrote it down :( I also emailed the Admin, of the MB, but haven't got a reply as of this morning. Thank you for any help. azjordian Link to comment Share on other sites More sharing options...
Biker.GA Posted September 9, 2010 Share Posted September 9, 2010 Hello, I am a user on a Message Board that uses IP 2.3.6. (tcboyle) I have sent in 3x to reset my password, because I recenlty changed it and then forgot where I wrote it down :( I also emailed the Admin, of the MB, but haven't got a reply as of this morning. Thank you for any help. azjordian Nothing we can do here. You'll need to contact the Administrator of the site you're using. Link to comment Share on other sites More sharing options...
Paranormalis Posted September 9, 2010 Share Posted September 9, 2010 I somehow misspelled compromised? Nah, you just compromised on the spelling. haha Link to comment Share on other sites More sharing options...
azjordian Posted September 9, 2010 Share Posted September 9, 2010 Nothing we can do here. You'll need to contact the Administrator of the site you're using. I did. Nothing yesturday and nothing this morning. It is frustrating. Link to comment Share on other sites More sharing options...
Jυra Posted September 9, 2010 Share Posted September 9, 2010 If there are other admins or staff, you could make a new account and PM the more active ones (assuming they don't have email validation). Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.