Morrigan Posted January 31, 2016: How is there a shortcoming in that? A button in the ACP that says "I've been hacked. Force all users to reset their password". It checks every user in the database. Issue resolved. Unless these same users have their email hacked as well, and even then you aren't going to get the hackers out of the system without banning the hacked members, but their email is not your responsibility. All I stated was the main use for me would be a single-user instance.
RPG-support (Author) Posted January 31, 2016: 17 minutes ago, Morrigan said: "How is there a shortcoming in that?" It will take a long time before all users read your emails and change their passwords. The next step: the hacker has ACP access and changes users' emails (especially those who have administrative rights).
Morrigan Posted January 31, 2016: But that's what I'm saying. Once the check mark is in place, no matter how many times they enter their password they will only be provided with that link until it's reset, which would REQUIRE that said hacker has access to the person's email in order to recover it. The solution still stands.
MADMAN32395 Posted January 31, 2016: 25 minutes ago, Morrigan said: "How is there a shortcoming in that? A button in the ACP that says 'I've been hacked. Force all users to reset their password'. It checks every user in the database. Issue resolved. Unless these same users have their email hacked as well, and even then you aren't going to get the hackers out of the system without banning the hacked members, but their email is not your responsibility. All I stated was the main use for me would be a single-user instance." Yeah, reading your previous post and this one, I agree and like your method better. Have an option to do all members and just individual users.
RPG-support (Author) Posted January 31, 2016: 14 minutes ago, Morrigan said: "But that's what I'm saying. Once the check mark is in place, no matter how many times they enter their password they will only be provided with that link until it's reset, which would REQUIRE that said hacker has access to the person's email in order to recover it. The solution still stands." Well, in simple situations (you noticed the attack soon after it began) it will with high probability work. In more complicated situations it will with high probability not work. For example, you have a huge community with thousands of members and many moderators. You do not know when the attack started (when the SQL injection or XSS attack started, how many passwords were hijacked, how many emails were changed) and it is going on right now. And you need a quick and forceful method to stop this. So, in this situation you reset all passwords and automatically revert all changed emails for the last x days/months. You will have more chances to keep most users "alive" on this battlefield.
Morrigan Posted January 31, 2016: This is a forceful method to stop it. It's low on server resources because it's updating one field. If you're hacked and emails have been changed, then you will still have to put them back where they were, and a password "reset" wouldn't fix anything if the emails were changed anyway.
RPG-support (Author) Posted January 31, 2016: 3 minutes ago, Morrigan said: "This is a forceful method to stop it. It's low on server resources because it's updating one field." Resetting passwords and putting emails back will not overload your server, especially when your suite is offline and your main task is to keep your ship afloat. Otherwise you will have to upload the old database with the previous unchanged passwords and emails, but lose some content.
Morrigan Posted January 31, 2016: I think that you are not considering this correctly, because password resets mean that the server has to regenerate the password for each individual user, email them their new password AND update their email. That's 3 things to my one thing. If an email has been updated and confirmed, I'm not sure that the suite is capable of putting it back, regardless.
RPG-support (Author) Posted January 31, 2016: 13 minutes ago, Morrigan said: "password resets mean that the server has to regenerate the password for each individual user, email them their new password AND update their email." First of all, it is not necessary to do all three steps at one time, especially when your community is offline. Secondly, resetting passwords will not take much server resources. You do not need to email users at all because they will see a notification to click "Send me new password (or link) now" at the next login. And finally, email changes may be logged in the same way as display names or other actions are being logged now (and you may restore emails easily then). This is a question of 2-3 days' work for developers but will greatly help in restoring the community along with applying several security patches. All we have now are security patches. But we deserve more.
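The two mechanisms argued over in the posts above, Morrigan's per-member "force reset" flag that is checked before the password, and RPG-support's log of email changes that an admin can revert back to a chosen date, as an added example that is not Invision Community code and not from any poster in this thread; the member fields, hash format and integer timestamps are assumptions:

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field
# Added example, not Invision Community code: a model of the "force password
# reset" member flag proposed in this thread plus an email-change log that lets
# an admin revert addresses altered during an intrusion. Field names are assumed.
@dataclass
class Member:
    name: str
    email: str
    salt: bytes
    pw_hash: bytes
    force_reset: bool = False
    email_log: list = field(default_factory=list)  # (unix_time, old, new)

def hash_pw(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def login(member: Member, password: str) -> str:
    # The flag is checked before the password: a stolen or leaked password
    # gives no access until the member completes the reset via the address on file.
    if member.force_reset:
        return "reset_required"
    if hmac.compare_digest(hash_pw(password, member.salt), member.pw_hash):
        return "ok"
    return "denied"

def force_reset_all(members) -> int:
    # The "I've been hacked" ACP button: one flag per member, no emails sent.
    for m in members:
        m.force_reset = True
    return len(members)

def complete_reset(member: Member, new_password: str) -> None:
    # Only reachable after the member follows the reset link sent to their email.
    member.salt = os.urandom(16)
    member.pw_hash = hash_pw(new_password, member.salt)
    member.force_reset = False

def change_email(member: Member, new_email: str, when: int) -> None:
    member.email_log.append((when, member.email, new_email))
    member.email = new_email

def revert_emails_since(members, cutoff: int) -> int:
    # Undo every logged email change made at or after cutoff, newest first.
    reverted = 0
    for m in members:
        while m.email_log and m.email_log[-1][0] >= cutoff:
            m.email = m.email_log.pop()[1]
            reverted += 1
    return reverted
```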
Morrigan Posted January 31, 2016: You know what, I'm stepping out of this conversation. I think I've explained a very sound option for what you are looking for that would be something that I would support in core. Unfortunately I don't believe your option is either a good one, or one that I would be happy with being something on my forum. The option in general is a dangerous one. I think that if you need this option then you may have bigger problems, and you need to possibly look into a better hosting option or more regular maintenance to be sure your community is up to date.
MADMAN32395 Posted January 31, 2016: 2 minutes ago, shop.a108.net said: "First of all, it is not necessary to do all three steps at one time, especially when your community is offline. Secondly, resetting passwords will not take much server resources. You do not need to email users at all because they will see a notification to click 'Send me new password (or link) now' at the next login. And finally, email changes may be logged in the same way as display names or other actions are being logged now (and you may restore emails easily then). This is a question of 2-3 days' work for developers but will greatly help in restoring the community along with applying several security patches. All we have now are security patches. But we deserve more." If we are that worried about changing passwords after a break-in or leak, why not just have the system simply delete the passwords? I know some login handlers don't ask for a local password during registration, so some users I've seen wouldn't have a password at all if they just use 3rd-party login. I am still on board with Morrigan's idea of just setting a user flag; maybe remix it to also just delete the password off the user as well?
RPG-support (Author) Posted January 31, 2016: 4 minutes ago, Morrigan said: "The option in general is a dangerous one." At this point you should choose between up-to-date, complicated but helpful options and all other half measures. 4 minutes ago, Morrigan said: "you need to possibly look into a better hosting option or more regular maintenance to be sure your community is up to date." I have a dedicated (Hetzner) server with 24-hour tech support of all kinds, as all huge communities with a professional attitude do.
RPG-support (Author) Posted January 31, 2016: 9 minutes ago, MADMAN32395 said: "Why not just have the system simply delete the passwords?" This may be an option in the ACP to choose from, of course. The main idea is to have more options to keep the community alive.
Colonel_mortis Posted January 31, 2016: 10 hours ago, Morrigan said: "How is there a shortcoming in that? A button in the ACP that says 'I've been hacked. Force all users to reset their password'. It checks every user in the database. Issue resolved. Unless these same users have their email hacked as well, and even then you aren't going to get the hackers out of the system without banning the hacked members, but their email is not your responsibility. All I stated was the main use for me would be a single-user instance." A lot of people use the same password for different sites, so members need to be emailed about a security breach so that they can take the necessary precautions.
Morrigan Posted January 31, 2016: That's fine @Colonel_mortis, but you don't have to force-change their password on the site. Adding the ability to email them is fine. It still doesn't change that it's a sound answer.