Account Breach incident
Thank you for the info! I had no idea since I usually change passwords over time or directly delete accounts when I'm not using sites anymore, guess I forgot some sites!
Now I'll be able to solve that too, thank you!
If it hasn't been suggested yet, a stronger password system could make us incorporate longer passwords, force reset after 'n' days, and inability to reuse the last 'n' amount of passwords.
Our company passwords reset after 90 days, require at least 16 characters with a special character and number, and you cannot reuse the last 10 passwords. Albeit that's excessive, it's government related and involves health information that's temporarily stored to their account so maybe a force reset after 180 days or so wouldn't be as nagging.
Aight I've been trying to stay out of this but just let me say...
Dear god. please. no forced password resets. My anxiety is horrendous enough. x_x
QUOTE originally posted by Tré Cool
If it hasn't been suggested yet, a stronger password system could make us incorporate longer passwords, force reset after 'n' days, and inability to reuse the last 'n' amount of passwords.
Our company passwords reset after 90 days, require at least 16 characters with a special character and number, and you cannot reuse the last 10 passwords. Albeit that's excessive, it's government related and involves health information that's temporarily stored to their account so maybe a force reset after 180 days or so wouldn't be as nagging.
Please read one of my previous posts. All that does is serve to confuse users on which password it is that they used.
Oh gosh, password expiration on a casual game site is not a good idea at all. Modern 2FA solves the problem much more effectively and with much less annoyance.
Security professionals have studied this and concluded that password expiration is most likely an outdated concept for many use cases. People who are subject to frequent password changes are more likely to create worse passwords, and often make their passwords sequential in some way (ex: password1, password2, password3...)
How would you even handle old users coming back with an expired password? If you allow them to reset it right then using the old password you have not prevented the attack that happened here. If you require email address involvement you end up with a lot more tickets when people can't remember which email they signed up with.
Sorry for the TL;DR but I feel strongly about this.
Don't worry, I know all about password problems XD
I'm investigating 2FA. Still can't guarantee it's happening but I like the idea.
I like the sound of 2FA, but I'd rather have how Blizzard has it, and you can have a phone number associated with said account, in order to have a second form of authentication. Again, I don't know how plausible it is on a website developer point of view, but that's my preferred way of a 2FA, as emails can be compromised much easier than a phone.
This is such a sad affair. I'm really disappointed that the person felt being malicious and shady was worth pixels on a screen. Personally I'm glad that they're blocked from using the site easily, as they've forfeited their right to their "dream team".
In regards to the password discussion, maybe rather than an expiration on passwords, a reminder to update/change your password can be implemented? I'm sure this event won't leave the site's collective consciousness, and giving one a reminder every 90 days would be helpful in securing one's account.
QUOTE originally posted by Bubble07
This is such a sad affair. I'm really disappointed that the person felt being malicious and shady was worth pixels on a screen. Personally I'm glad that they're blocked from using the site easily, as they've forfeited their right to their "dream team".
In regards to the password discussion, maybe rather than an expiration on passwords, a reminder to update/change your password can be implemented? I'm sure this event won't leave the site's collective consciousness, and giving one a reminder every 90 days would be helpful in securing one's account.