Hi there,
Just now I figured to have a look at thies eforums again. Didn't get to that for a while. When I wanted to log in and got a message my password had expired.
Seriously? Expire passwords on a community website?
I think that's an awesome way to get rid of your users, to bew honest. Obviously I undserstand the decision from a security point of view, but it's not like we have sensitive private information on here. So we could easily leave that responsibility with the user. Really, on every other website I would have closed my browser and never return to the site again.
There's a reason Facebook doesn't expire a password...
Greetz,
Stefan Kamphuis
Michael TobischDNN★MVP
Posted By Cody on 12 Nov 2019 10:38 PM I think this can be configured your probably the first to have this happen. 2FA I am looking into hoping I can make some kind of PR efforts on this however looking at FIDO2 maybe this is a better solution. Anyone have any thoughts on this?
No he's not the first
No, Stefan is not the first to experience this problem.
Forcing a password change is a dumb idea, in my opinion. Are we to be treated as if we do not know what we are doing? What makes you think that forcing a change of password is more secure than keeping an existing STRONG password? Surely it must be as easy for a hacker to crack the second or subsequent password as it is the first.
I do understand that if someone's device is compromised, and their password to this site is stolen, the "hacker" could then access this site with the stolen credentials. What benefit would that be; post a few messages before being blocked?
We want people posting here, not getting p1$$ed of because they can't login due to a forced password change and then, as in my case, not getting the password reset email. I am lucky in that I knowsomeone who could reset my password for me ;)
Declan Ward
As we all agree about the inconvenience of password expiration for this website, who we should ask to change that setting ASAP? This is supposed to be a quite small group and we more or less should know who's responsible for dnnsoftware.org management, aren't we?
Happy, and sometimes too hard, DNNing ;-) Francisco
These Forums are dedicated to the discussion of DNN Platform.
For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:
Awesome! Simply post in the forums using the link below and we'll get you started.