Aquatic Plant Forum banner
1 - 5 of 5 Posts

·
Administrator
Joined
·
363 Posts
Discussion Starter · #1 ·
Hey all,

Over the next few days we will be implementing some changes to our forum password strength and password expiration policies. To make sure you continue having the best experience possible on the community, we regularly monitor the site and the Internet to keep everyone's account information safe. We've recently become aware of a potential risk to some accounts coming from outside of this community. Just to be safe, we are implementing the following changes to improve security even further:

1) We are asking everyone to change their passwords (and will force a one time reset). Along with every user on the forum, new passwords will need to be more complex, and can't be simple words (sorry, you can't have "fluffy" as your password anymore!). Please use a password unique to this community. Reusing passwords can expose your account indirectly when other websites (Twitter, Linkedin, Badoo, etc) are compromised; and

2) Your passwords will expire on a 365 day basis. When you login on the 366th day, you will have to change it.

We'll also be sending out an email to users to let them know about the changes, in upcoming weeks.

Thanks all,

Helena

Community Management
 

·
Registered
Joined
·
476 Posts
Rather than make us have a password just for this site, why don't you guys just rely on social id providers? Let us choose among our existing Google, Amazon, MS, Fbk, whatever accounts...

That way:
* APC doesn't have to handle any account management or recovery functions,
* we get to reduce the number of logins we manage,
* we get single sign-on across APC and other sites,
* you learn more about the demographics of your user base
* you get the benefits of the most advanced security (multi-factor, risk-based) without having to build it yourselves...

There are many SaaS providers that you can hook into for this.
 

·
Administrator
Joined
·
363 Posts
Discussion Starter · #4 ·
The information used here could be used to access other accounts you may have on other sites. Many people use the same password across multiple platforms, and even more use the same email. It depends on individual set ups, but that information could be enough to compromise other sites if passwords are simple enough.

ObiQuiet, that suggestion is essentially above me paygrade, and would require a massive shift in how this site and all other sites we operate work. Essentially, too big of a change to consider at the moment.

Kevin
 

·
Registered
Joined
·
476 Posts
ObiQuiet, that suggestion is essentially above me paygrade, and would require a massive shift in how this site and all other sites we operate work. Essentially, too big of a change to consider at the moment.

Kevin
I understand; thanks for the response!
 
1 - 5 of 5 Posts
Top