y8s

iTrader: (8)

@Braineack tag the IB admins. I forget who they are.


Seriously, haven't we all learned that all of the bullshit symbol and character requirements for passwords are no longer the best practice for passwords? I just got the "your password is 91 days old" nag and the new requirements are the dipshit IT departments best guess at how to be secure from 2002.


Here's my prediction based on the below facts:

1. passwords must be changed every 90 days

2. passwords must be sufficiently complex, using like 5 different character types

3. passwords must not be the same as previous ones


Prediction: in about 90 days, your users will just tell you to **** off. And each time you force a new password, you'll lose more users.


The reality is that overly complicated passwords aren't that much more secure. And many systems have ditched 90 day password expirations because a post-it note with your password is pretty damn un-secure.


https://howsecureismypassword.net/

B@dd0g1! (9 hours-- fits MT requirements, pita to remember)

miatas0good4drifting (11 billion years-- easy to remember)

You@MTsuck99dicks! (7 quadrillion years-- fits MT requirements, but we can't all have the same awesome password...)

msmola2002

@Robb M. is your friendly admin, I believe.

Robb M.

hey @y8s members don't have a 90 day password requirement, only super mods do. As for the complexity stuff, that's all been demanded by the new CCPA that came into effect on Jan 1. I updated the expiry to 180 days.

Erat

iTrader: (5)

They made us all do that at work. Now everyone's password is "Password123!". We've been getting alerts for "phishing" every other week since the change.

y8s

iTrader: (8)

Believe me, I know. We are NIST compliant here and I have to use some dipshit third party app for 2FA in addition to all the password BS. The difference is the paycheck.

180 days is better, thank you.

And believe me I also know all about the california privacy laws. My friend is a lawyer writing them for all the big tech firms. I send her text messages to express my displeasure.

Robb M.

consider yourself lucky, i have to use 2fa to get into any of our communities and again to get into the adminCP 🙃

Braineack

iTrader: (62)

i still have the same password here from like 2006.

Robb M.

looks like admins don't have a password expiry set, so it makes absolutely no sense that super mods do. @y8s have you always had to rotate your password every 90 days?
edit; mods also have a 90 day expiry set.

y8s

iTrader: (8)

I can't recall how long, but it probably coincides with the IB takeover or maybe the last big version upgrade of the forum software.

Robb M.

limits removed.

shuiend

iTrader: (24)

I had Nolan turn that off years ago.

y8s

iTrader: (8)

thanks Robb.