DNN Forums

Ask questions about your website to get help learning DNN and help resolve issues.
Prev
Next

Password expiry

Forums > About dnncommunity.org
Sort:
You are not authorized to post a reply.





Stefan Kamphuis (40F)

Growing Member



Posts:39
Growing Member




11/10/2019 4:48 AM

    Hi there,

    Just now I figured to have a look at thies eforums again. Didn't get to that for a while. When I wanted to log in and got a message my password had expired.

    Seriously? Expire passwords on a community website?

    I think that's an awesome way to get rid of your users, to bew honest. Obviously I undserstand the decision from a security point of view, but it's not like we have sensitive private information on here. So we could easily leave that responsibility with the user. Really, on every other website I would have closed my browser and never return to the site again.

    There's a reason Facebook doesn't expire a password...

    Greetz,

    Stefan Kamphuis

    40FINGERS Web Solutions · SEO Redirect · Style Helper · DDR Menu Demo Skins





    Michael Tobisch

    Veteran Member



    Posts:1124
    Veteran Member




    11/11/2019 1:38 AM
      Stefan,

      agreed. Anyway, from a security point of view, passwords are not really the best choice. It would be much better to give the user additional options like 2FA or FIDO2.

      Happy DNNing!
      Michael

      Michael Tobisch
      DNN★MVP

      dnnWerk Austria
      DNN Connect





      Cody

      Growing Member



      Posts:95
      Growing Member




      11/12/2019 9:38 PM
        I think this can be configured your probably the first to have this happen.

        2FA I am looking into hoping I can make some kind of PR efforts on this however looking at FIDO2 maybe this is a better solution. Anyone have any thoughts on this?
        Help Contribute GitHub DNN Community Platform .NET Foundation Open Source Project!
        also: dnndocs.com you can Contribute on GitHub!





        Timo Breumelhof (40F)

        Veteran Member



        Posts:1096
        Veteran Member




        11/15/2019 3:47 AM
          Posted By Cody on 12 Nov 2019 10:38 PM
          I think this can be configured your probably the first to have this happen.

          2FA I am looking into hoping I can make some kind of PR efforts on this however looking at FIDO2 maybe this is a better solution. Anyone have any thoughts on this?

          No he's not the first

           

           

          40FINGERS Web Solutions · Style Helper · DDR Menu Demo Skins · SEO Redirect





          Declan Ward

          Growing Member



          Posts:32
          Growing Member




          11/15/2019 4:25 AM
            Posted By Cody on 12 Nov 2019 10:38 PM
            I think this can be configured your probably the first to have this happen.

            2FA I am looking into hoping I can make some kind of PR efforts on this however looking at FIDO2 maybe this is a better solution. Anyone have any thoughts on this?

            No, Stefan is not the first to experience this problem.

            Forcing a password change is a dumb idea, in my opinion. Are we to be treated as if we do not know what we are doing? What makes you think that forcing a change of password is more secure than keeping an existing STRONG password? Surely it must be as easy for a hacker to crack the second or subsequent password as it is the first.

            I do understand that if someone's device is compromised, and their password to this site is stolen, the "hacker" could then access this site with the stolen credentials. What benefit would that be; post a few messages before being blocked?

            We want people posting here, not getting p1$$ed of because they can't login due to a forced password change and then, as in my case, not getting the password reset email. I am lucky in that I knowsomeone who could reset my password for me ;)

            Declan Ward

             

             

             






            Francisco Pérez Andrés

            Growing Member



            Posts:59
            Growing Member




            11/17/2019 3:00 AM

              As we all agree about the inconvenience of password expiration for this website, who we should ask to change that setting ASAP? This is supposed to be a quite small group and we more or less should know who's responsible for dnnsoftware.org management, aren't we?

              Happy, and sometimes too hard, DNNing ;-)
              Francisco

              Expertos DNN en Madrid - Blog DNN España
              You are not authorized to post a reply.

              These Forums are dedicated to the discussion of DNN Platform.

              For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

              1. If you have (suspected) security issues, please DO NOT post them in the forums but instead follow the official DNN security policy
              2. No Advertising. This includes the promotion of commercial and non-commercial products or services which are not directly related to DNN.
              3. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
              4. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
              5. No Flaming or Trolling.
              6. No Profanity, Racism, or Prejudice.
              7. Site Moderators have the final word on approving / removing a thread or post or comment.
              8. English language posting only, please.

              Would you like to help us?

              Awesome! Simply post in the forums using the link below and we'll get you started.

              Get Involved