Miata Turbo Forum - Boost cars, acquire cats.

Miata Turbo Forum - Boost cars, acquire cats. (https://www.miataturbo.net/)
-   Front Desk (https://www.miataturbo.net/front-desk-17/)
-   -   MT password requirements are stupid (https://www.miataturbo.net/front-desk-17/mt-password-requirements-stupid-101874/)

y8s 01-06-2020 10:28 AM
MT password requirements are stupid
 
@Braineack tag the IB admins. I forget who they are.


Seriously, haven't we all learned that all of the bullshit symbol and character requirements for passwords are no longer the best practice for passwords? I just got the "your password is 91 days old" nag and the new requirements are the dipshit IT departments best guess at how to be secure from 2002.


Here's my prediction based on the below facts:

1. passwords must be changed every 90 days

2. passwords must be sufficiently complex, using like 5 different character types

3. passwords must not be the same as previous ones


Prediction: in about 90 days, your users will just tell you to fuck off. And each time you force a new password, you'll lose more users.


The reality is that overly complicated passwords aren't that much more secure. And many systems have ditched 90 day password expirations because a post-it note with your password is pretty damn un-secure.


https://howsecureismypassword.net/

B@dd0g1! (9 hours-- fits MT requirements, pita to remember)

miatas0good4drifting (11 billion years-- easy to remember)

You@MTsuck99dicks! (7 quadrillion years-- fits MT requirements, but we can't all have the same awesome password...)

msmola2002 01-06-2020 10:39 AM
@Robb M. is your friendly admin, I believe.

Robb M. 01-06-2020 11:05 AM
hey @y8s members don't have a 90 day password requirement, only super mods do. As for the complexity stuff, that's all been demanded by the new CCPA that came into effect on Jan 1. I updated the expiry to 180 days.

Erat 01-06-2020 11:28 AM
They made us all do that at work. Now everyone's password is "Password123!". We've been getting alerts for "phishing" every other week since the change.

y8s 01-06-2020 12:22 PM
Believe me, I know. We are NIST compliant here and I have to use some dipshit third party app for 2FA in addition to all the password BS. The difference is the paycheck.

180 days is better, thank you.

And believe me I also know all about the california privacy laws. My friend is a lawyer writing them for all the big tech firms. I send her text messages to express my displeasure.

Robb M. 01-06-2020 12:25 PM
consider yourself lucky, i have to use 2fa to get into any of our communities and again to get into the adminCP 🙃

Braineack 01-06-2020 03:41 PM
i still have the same password here from like 2006.

Robb M. 01-06-2020 03:46 PM
looks like admins don't have a password expiry set, so it makes absolutely no sense that super mods do. @y8s have you always had to rotate your password every 90 days?
edit; mods also have a 90 day expiry set.

y8s 01-06-2020 04:00 PM
I can't recall how long, but it probably coincides with the IB takeover or maybe the last big version upgrade of the forum software.

Robb M. 01-06-2020 04:01 PM
limits removed.

shuiend 01-06-2020 05:16 PM
Originally Posted by Robb M. (Post 1558903)
looks like admins don't have a password expiry set, so it makes absolutely no sense that super mods do. @y8s have you always had to rotate your password every 90 days?
edit; mods also have a 90 day expiry set.

I had Nolan turn that off years ago.

y8s 01-09-2020 02:13 PM
thanks Robb.


All times are GMT -4. The time now is 01:22 PM.


© 2024 MH Sub I, LLC dba Internet Brands