Alcatravision Posted April 18, 2014 Share Posted April 18, 2014 That would be really great if we could setup a password policy for the registration process. http://en.wikipedia.org/wiki/Password_policy#Password_length_and_formation Like constraints on the password length and formation. It would be great to have that in the core settings. Link to comment Share on other sites More sharing options...
Management Lindy Posted April 20, 2014 Management Share Posted April 20, 2014 I'm unsure if that could be worked into IPS 4.0 at this juncture, but I like the idea personally and it's definitely something to consider for the future. Link to comment Share on other sites More sharing options...
Makoto Posted April 20, 2014 Share Posted April 20, 2014 Similar to what I suggested February of last year, '?do=embed' frameborder='0' data-embedContent>> Would certainly be nice to see improvements in this area. I still think the default 3 character requirement for passwords is pretty terrible. I understand some people may not appreciate having the industry standard 8 - 12 minimum character length forced on them, but I don't think there's any real excuse for using a password <6 characters in length, I still think that would be a good compromise for the default. Then of course adding settings to allow the administrator to tune these requirements would certainly be a major improvement. Link to comment Share on other sites More sharing options...
Rimi Posted April 20, 2014 Share Posted April 20, 2014 Similar to what I suggested February of last year,?do=embed' frameborder='0' data-embedContent> Would certainly be nice to see improvements in this area. I still think the default 3 character requirement for passwords is pretty terrible. I understand some people may not appreciate having the industry standard 8 - 12 minimum character length forced on them, but I don't think there's any real excuse for using a password <6 characters in length, I still think that would be a good compromise for the default. Then of course adding settings to allow the administrator to tune these requirements would certainly be a major improvement.Sometimes I join sites just to ask a quick question or post something stupid. I always use the password "123456" cuz I just don't care about those sites. You're saying you want me to make it "12345678"? Or stick some letters in there? No. Unacceptable. Don't you dare. Link to comment Share on other sites More sharing options...
Makoto Posted April 20, 2014 Share Posted April 20, 2014 Sometimes I join sites just to ask a quick question or post something stupid. I always use the password "123456" cuz I just don't care about those sites. You're saying you want me to make it "12345678"? Or stick some letters in there? No. Unacceptable. Don't you dare. If I had it my way, I'd probably pass all registrations through cracklib or something similar to deny from list of common ridiculously insecure passwords like that in addition to what's being suggested here. For misc. sites I don't care about, I have one common/generic password I use. My other passwords are tiered depending on the sensitivity of the account. It makes my life easier and still keeps me reasonably secure online. Link to comment Share on other sites More sharing options...
Rimi Posted April 20, 2014 Share Posted April 20, 2014 If I had it my way, I'd probably pass all registrations through cracklib or something similar to deny from list of common ridiculously insecure passwords like that in addition to what's being suggested here. For misc. sites I don't care about, I have one common/generic password I use. My other passwords are tiered depending on the sensitivity of the account. It makes my life easier and still keeps me reasonably secure online.Am I the only one here who uses the same password for everything? Link to comment Share on other sites More sharing options...
Makoto Posted April 20, 2014 Share Posted April 20, 2014 Am I the only one here who uses the same password for everything? No. I just hope you don't do any online banking. Link to comment Share on other sites More sharing options...
Rimi Posted April 20, 2014 Share Posted April 20, 2014 No. I just hope you don't do any online banking.Admittedly those passwords and my server crap are all special circumstances and deserve better passwords. But we're talking about forums here. Link to comment Share on other sites More sharing options...
opentype Posted April 20, 2014 Share Posted April 20, 2014 Am I the only one here who uses the same password for everything? Wow, I hope so. Until recently I had a clever system, in which I derived a unique password from the URL of the site. The resulting password was gibberish to anybody else but me and unique on every site. So there was nothing I had to remember. Now I just use 1Password and my passwords are so strong, even I don't know them anymore. :-) Link to comment Share on other sites More sharing options...
Makoto Posted April 20, 2014 Share Posted April 20, 2014 I use Linux and have a GPG encrypted password wallet that stores my everyday passwords, but I still try and keep all of mine memorized. Link to comment Share on other sites More sharing options...
media Posted April 20, 2014 Share Posted April 20, 2014 That would be really great if we could setup a password policy for the registration process. http://en.wikipedia.org/wiki/Password_policy#Password_length_and_formation Like constraints on the password length and formation. It would be great to have that in the core settings. I like the idea... Second this... :) Link to comment Share on other sites More sharing options...
Adriano Faria Posted April 20, 2014 Share Posted April 20, 2014 Something like this hook: Link to comment Share on other sites More sharing options...
rct2·com Posted April 20, 2014 Share Posted April 20, 2014 I lay claim to the first request for this in 2007! Anybody care to try and beat that? ;) '?do=embed' frameborder='0' data-embedContent>> So Lindy, 6 and a half years notice not long enough for you? (w00t) They might be 'only forums' Rimi, but they include my email address, date of birth, Paypal details (in Marketplace), private conversations, ... Password cracking also allows people to impersonate me, share things on Facebook, ... I treat my passwords on forums as seriously as any others. (I use Password Safe to randomise and track my passwords) Link to comment Share on other sites More sharing options...
elonegenio Posted April 20, 2014 Share Posted April 20, 2014 Gosh, if we are allowed to dream of something for password protection, how about some biometrics to really give IPS the "WOW" factor ! For boards that have subscriptions this would eliminate the sharing of passwords to bypass paying for access. Link to comment Share on other sites More sharing options...
rct2·com Posted April 20, 2014 Share Posted April 20, 2014 Is this where I reach for the wood glue? ;) Link to comment Share on other sites More sharing options...
Aiwa Posted April 22, 2014 Share Posted April 22, 2014 Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.