|
R-S shouldn't be responsible for people being stupid with their passwords, however it's every 120 days or so which is just enough to shut anybody up who cries "lack of security on R-S!!" whenever they get their account compromised, whilst at the same time not being annoying enough to bitch about.
Considering you (apparently) can just reuse the same password, take the 5 seconds to retype your password 3 times a year and get over it.
u all don't seem to understand that forcing ppl to change passwords doesnt make anyone more secure
but w/e keep thinking rune-server is the exception to the rule lol
This comment pissed me off the most. 9 years ago I would've flamed the hell out of you rofl.
But
Honestly there's been times I've gotten the annoying 100 day password expiration thing & I cannot be bothered with changing it so I would just log back out rofl.
But anyways 2018, if people are still going after rune-server accounts, then they should be necked asap.
But his point still stands, every time I get the prompt to change my password I change it to the same password, if you add the option so you can't change it to previous passwords then I'd stop using the site.
The vast majority of people don't "change" their password and those that do would do it of their own accord anyway, so all it accomplishes is a nuisance and a few minutes of wasted time
Ok when you have people reusing passwords on all sorts of RSPSes and those RSPSes having no clue about any level of security and their player databases get stolen dumped and the passwords get cracked, how is it not more secure for us to force you to change your password (from the one that was likely included in that dump if you're an average rsps player)?
This is conjecture and you have no statistics to back it up
Lets also not forget vBulletin 4.* still uses md5(md5(password) + salt), so god forbid that rune-server ever was hacked your passwords are not exactly safe to begin with, so the use of a strong password and enforcing change every 120 days (3 times a year) is really nothing. It shouldn't let you reuse the same password though, sort of defeats the entire fucking purpose, but hey go vBulletin!!!
cuz, as mentioned in every study in the op, people don't actually make new unique passwords lol if the service doesn't have a function expiration system (like vb), then they reuse the same1 and if it does, they often just make their new 1 a derivative of the old one
all the stats say that the effects of password resets are negligible at best lol
« Previous Thread | Next Thread » |
Thread Information |
Users Browsing this ThreadThere are currently 1 users browsing this thread. (0 members and 1 guests) |
Tags for this Thread |