Alcatravision Posted April 18, 2014 Posted April 18, 2014 That would be really great if we could setup a password policy for the registration process. http://en.wikipedia.org/wiki/Password_policy#Password_length_and_formation Like constraints on the password length and formation. It would be great to have that in the core settings.
Management Lindy Posted April 20, 2014 Management Posted April 20, 2014 I'm unsure if that could be worked into IPS 4.0 at this juncture, but I like the idea personally and it's definitely something to consider for the future.
Makoto Posted April 20, 2014 Posted April 20, 2014 Similar to what I suggested February of last year, '?do=embed' frameborder='0' data-embedContent>> Would certainly be nice to see improvements in this area. I still think the default 3 character requirement for passwords is pretty terrible. I understand some people may not appreciate having the industry standard 8 - 12 minimum character length forced on them, but I don't think there's any real excuse for using a password <6 characters in length, I still think that would be a good compromise for the default. Then of course adding settings to allow the administrator to tune these requirements would certainly be a major improvement.
Rimi Posted April 20, 2014 Posted April 20, 2014 Similar to what I suggested February of last year,?do=embed' frameborder='0' data-embedContent> Would certainly be nice to see improvements in this area. I still think the default 3 character requirement for passwords is pretty terrible. I understand some people may not appreciate having the industry standard 8 - 12 minimum character length forced on them, but I don't think there's any real excuse for using a password <6 characters in length, I still think that would be a good compromise for the default. Then of course adding settings to allow the administrator to tune these requirements would certainly be a major improvement.Sometimes I join sites just to ask a quick question or post something stupid. I always use the password "123456" cuz I just don't care about those sites. You're saying you want me to make it "12345678"? Or stick some letters in there? No. Unacceptable. Don't you dare.
Makoto Posted April 20, 2014 Posted April 20, 2014 Sometimes I join sites just to ask a quick question or post something stupid. I always use the password "123456" cuz I just don't care about those sites. You're saying you want me to make it "12345678"? Or stick some letters in there? No. Unacceptable. Don't you dare. If I had it my way, I'd probably pass all registrations through cracklib or something similar to deny from list of common ridiculously insecure passwords like that in addition to what's being suggested here. For misc. sites I don't care about, I have one common/generic password I use. My other passwords are tiered depending on the sensitivity of the account. It makes my life easier and still keeps me reasonably secure online.
Rimi Posted April 20, 2014 Posted April 20, 2014 If I had it my way, I'd probably pass all registrations through cracklib or something similar to deny from list of common ridiculously insecure passwords like that in addition to what's being suggested here. For misc. sites I don't care about, I have one common/generic password I use. My other passwords are tiered depending on the sensitivity of the account. It makes my life easier and still keeps me reasonably secure online.Am I the only one here who uses the same password for everything?
Makoto Posted April 20, 2014 Posted April 20, 2014 Am I the only one here who uses the same password for everything? No. I just hope you don't do any online banking.
Rimi Posted April 20, 2014 Posted April 20, 2014 No. I just hope you don't do any online banking.Admittedly those passwords and my server crap are all special circumstances and deserve better passwords. But we're talking about forums here.
opentype Posted April 20, 2014 Posted April 20, 2014 Am I the only one here who uses the same password for everything? Wow, I hope so. Until recently I had a clever system, in which I derived a unique password from the URL of the site. The resulting password was gibberish to anybody else but me and unique on every site. So there was nothing I had to remember. Now I just use 1Password and my passwords are so strong, even I don't know them anymore. :-)
Makoto Posted April 20, 2014 Posted April 20, 2014 I use Linux and have a GPG encrypted password wallet that stores my everyday passwords, but I still try and keep all of mine memorized.
media Posted April 20, 2014 Posted April 20, 2014 That would be really great if we could setup a password policy for the registration process. http://en.wikipedia.org/wiki/Password_policy#Password_length_and_formation Like constraints on the password length and formation. It would be great to have that in the core settings. I like the idea... Second this... :)
rct2·com Posted April 20, 2014 Posted April 20, 2014 I lay claim to the first request for this in 2007! Anybody care to try and beat that? ;) '?do=embed' frameborder='0' data-embedContent>> So Lindy, 6 and a half years notice not long enough for you? (w00t) They might be 'only forums' Rimi, but they include my email address, date of birth, Paypal details (in Marketplace), private conversations, ... Password cracking also allows people to impersonate me, share things on Facebook, ... I treat my passwords on forums as seriously as any others. (I use Password Safe to randomise and track my passwords)
elonegenio Posted April 20, 2014 Posted April 20, 2014 Gosh, if we are allowed to dream of something for password protection, how about some biometrics to really give IPS the "WOW" factor ! For boards that have subscriptions this would eliminate the sharing of passwords to bypass paying for access.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.