DNN Forums

Ask questions about your website to get help learning DNN and help resolve issues.

Password expiry

Growing Member
Posts: 44

    Hi there,

    Just now I figured to have a look at these forums again. Didn't get to that for a while. When I wanted to log in, I got a message that my password had expired.

    Seriously? Expire passwords on a community website?

    I think that's an awesome way to get rid of your users, to be honest. Obviously I understand the decision from a security point of view, but it's not like we have sensitive private information on here. So we could easily leave that responsibility with the user. Really, on every other website I would have closed my browser and never returned to the site again.

    There's a reason Facebook doesn't expire a password...

    Greetz,

    Stefan Kamphuis

    Veteran Member
    Posts: 1142
      Stefan,

      agreed. Anyway, from a security point of view, passwords are not really the best choice. It would be much better to give the user additional options like 2FA or FIDO2.

      Happy DNNing!
      Michael

      Michael Tobisch
      DNN★MVP

      dnnWerk Austria
      DNN Connect
      Growing Member
      Posts: 95
        I think this can be configured; you're probably the first to have this happen.

        2FA I am looking into, hoping I can make some kind of PR efforts on this; however, looking at FIDO2, maybe this is a better solution. Anyone have any thoughts on this?
        Veteran Member
        Posts: 1128
          Posted By Cody on 12 Nov 2019 10:38 PM
          I think this can be configured; you're probably the first to have this happen.

          2FA I am looking into, hoping I can make some kind of PR efforts on this; however, looking at FIDO2, maybe this is a better solution. Anyone have any thoughts on this?

          No, he's not the first.

          Growing Member
          Posts: 32
            Posted By Cody on 12 Nov 2019 10:38 PM
            I think this can be configured; you're probably the first to have this happen.

            2FA I am looking into, hoping I can make some kind of PR efforts on this; however, looking at FIDO2, maybe this is a better solution. Anyone have any thoughts on this?

            No, Stefan is not the first to experience this problem.

            Forcing a password change is a dumb idea, in my opinion. Are we to be treated as if we do not know what we are doing? What makes you think that forcing a change of password is more secure than keeping an existing STRONG password? Surely it must be as easy for a hacker to crack the second or subsequent password as it is the first.

            I do understand that if someone's device is compromised, and their password to this site is stolen, the "hacker" could then access this site with the stolen credentials. What benefit would that be; post a few messages before being blocked?

            We want people posting here, not getting p1$$ed off because they can't log in due to a forced password change and then, as in my case, not getting the password reset email. I am lucky in that I know someone who could reset my password for me ;)

            Declan Ward

            Growing Member
            Posts: 59

              As we all agree about the inconvenience of password expiration for this website, who should we ask to change that setting ASAP? This is supposed to be quite a small group and we more or less should know who's responsible for dnnsoftware.org management, shouldn't we?

              Happy, and sometimes too hard, DNNing ;-)
              Francisco
