How to remove this: Your password is 941 days old, and has therefore expired.

[virtuality]

Every 941 days the forum asks me to change the password. That is very annoying.

Bruce Schneier, cryptographer, computer security and privacy specialist, and writer argues requiring your users to change their passwords, for no other reason than it being old, makes the average user less secure.

Admin, with respect: What's your argument against Bruce? Maybe I can learn something new here.

 

[Spacehead]

I don't ever remember the forum asking me to change my password other than the recent security breach about a month ago when all passwords were reset. I know i've changed it before but don't remember being required & don't recall this problem being asked about before by others.

edit-
Just noticed, you've been here about 3.5 yrs & you say you're being required to change you password every 2.5 yrs. So that's a whopping 1 password change.
Might want to read this thread:
http://forums.anandtech.com/showthread.php?t=2477224

 

[Mike64]

Every 941 days the forum asks me to change the password. That is very annoying.

If that's the most annoying thing that has happened to you in the past 941 days, I want your life! <roflmao>

 

[virtuality]

Meanwhile, new post from Bruce Schneier: Frequent Password Changes Is a Bad Security Idea

 

[Mike64]

Meanwhile, new post from Bruce Schneier: Frequent Password Changes Is a Bad Security Idea

(A) You consider once every 2.5 years to be "frequent"? Dare one ask how often you bathe?/<g,d&r>

B) Do you really worry about real "security" on web forums? I certainly don't. I save that for situations when it's worthwhile. Unless it's a site that involves "personal data" more sensitive than my real name (when even that is involved), I use very easy to remember, formula-based passwords that a "hacker" with an IQ of 90 could probably figure out in about 15 minutes of half-assed thought and a brute force attack with average hardware could most likely crack in ≤ 15-30 seconds. I mean, (a) since there's no real-world benefit to doing it in the first place, how often does anyone really even try? (except maybe for a few kids' siblings or junior high school classmates) and (b) even if they do, what's the worst that can happen? Someone posing as me goes haywire posting incorrect answers to simple tech questions or random nonsense in ATOT threads (though admittedly in the latter case, it might be hard to tell the difference<g>)?* Somehow I imagine I (and everyone else on whatever the forum in question might be) would survive such an onslaught until a mod noticed or it were brought to his or her attention and and shut down the UID...
_______________________
* PSA: Should anyone ever receive anything resembling a "phishing PM" from my UID, by all means, don't reply to it and don't click on any links it might contain! I don't want to know your SSN, DOB, or childhood pet's or maternal grandmother's maiden name. And I certainly won't ever want to know "what you're wearing right now", nor any "stats" you haven't already revealed in norseamd's "shoe size" thread (and I'd be lying if I said I really wanted to know those either, for that matter)...

 

[Titillating]

We had a security breach in June. We forced a mandatory password reset to protect our users. If you choose to ignore that and use an old password/variation of it because "frequent password change is bad" (once every ~3 years is hardly frequent), that is entirely your prerogative. As for us, we will take whatever steps we feel are necessary in order to protect others' data.