• Login
  • Register

DNN Forums

A community discussion page. We're starting from scratch, so...let's get the party started!

Password expiry

You are not authorized to post a reply.
Sort:
Page 1 of 212 > >>


New Member


Posts:9
New Member

    Hi there,

    Just now I figured to have a look at thies eforums again. Didn't get to that for a while. When I wanted to log in and got a message my password had expired.

    Seriously? Expire passwords on a community website?

    I think that's an awesome way to get rid of your users, to bew honest. Obviously I undserstand the decision from a security point of view, but it's not like we have sensitive private information on here. So we could easily leave that responsibility with the user. Really, on every other website I would have closed my browser and never return to the site again.

    There's a reason Facebook doesn't expire a password...

    Greetz,

    Stefan Kamphuis



    Advanced Member


    Posts:143
    Advanced Member

      Stefan,

      agreed. Anyway, from a security point of view, passwords are not really the best choice. It would be much better to give the user additional options like 2FA or FIDO2.

      Happy DNNing!
      Michael

      Michael Tobisch
      DNN★MVP

      dnnWerk Austria
      DNN Usergroup für den deutschsprachigen Raum
      DNN Connect


      Basic Member


      Posts:65
      Basic Member

        I think this can be configured your probably the first to have this happen.

        2FA I am looking into hoping I can make some kind of PR efforts on this however looking at FIDO2 maybe this is a better solution. Anyone have any thoughts on this?


        Veteran Member


        Posts:298
        Veteran Member

          Posted By Cody on 12 Nov 2019 10:38 PM
          I think this can be configured your probably the first to have this happen.

          2FA I am looking into hoping I can make some kind of PR efforts on this however looking at FIDO2 maybe this is a better solution. Anyone have any thoughts on this?

          No he's not the first

           

           



          New Member


          Posts:14
          New Member

            Posted By Cody on 12 Nov 2019 10:38 PM
            I think this can be configured your probably the first to have this happen.

            2FA I am looking into hoping I can make some kind of PR efforts on this however looking at FIDO2 maybe this is a better solution. Anyone have any thoughts on this?

            No, Stefan is not the first to experience this problem.

            Forcing a password change is a dumb idea, in my opinion. Are we to be treated as if we do not know what we are doing? What makes you think that forcing a change of password is more secure than keeping an existing STRONG password? Surely it must be as easy for a hacker to crack the second or subsequent password as it is the first.

            I do understand that if someone's device is compromised, and their password to this site is stolen, the "hacker" could then access this site with the stolen credentials. What benefit would that be; post a few messages before being blocked?

            We want people posting here, not getting p1$$ed of because they can't login due to a forced password change and then, as in my case, not getting the password reset email. I am lucky in that I knowsomeone who could reset my password for me ;)

            Declan Ward

             

             

             

            You are not authorized to post a reply.
            Page 1 of 212 > >>

            These Forums are dedicated to discussion of DNN Platform.

            For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

            1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
            2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
            3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
            4. No Flaming or Trolling.
            5. No Profanity, Racism, or Prejudice.
            6. Site Moderators have the final word on approving / removing a thread or post or comment.
            7. English language posting only, please.

            Would you like to help us?

            Awesome! Simply post in the forums using the link below and we'll get you started.

            Get Involved