# new password requirements. wtf?



## terzdesign (Mar 8, 2010)

Seriously... I have a weaker password for my bank accounts for god's sake. 

10 characters
symbols
upper and lowercase letters
numbers

These are all requirements now? Do you think that is enough... Jesus. Why not add a thumbscanner requirement?


----------



## iainlondon (May 11, 2010)

My sentiments exactly. Quite preposterous.....


----------



## outbreak (Jan 9, 2010)

This is the second site today I've had to reset my password. My guess is that it's some type of platform upgrade causing it.


----------



## mmoguls (Mar 9, 2009)

Lame. I was happy with it before.


----------



## NoXid (Apr 4, 2011)

outbreak said:


> This is the second site today I've had to reset my password. My guess is that it's some type of platform upgrade causing it.


Same company behind the scenes: VerticalScope Inc.


I did this same song and dance with another group of sites last year when they got infiltrated. It's the interwebs, poop happens 

Even these new industrial grade passwords won't win the war. The day is coming when passwords will be obsolete ... Unless they block IPs/accounts after a couple of login attempts, any PW can be cracked via brute force or dictionary lookup (I've had cause to do it myself, though not to a public forum like this).

I have a WordPress blog and have it set to block an IP after 2 failed logins. I get notices everyday of lockouts on attempted access to the Admin account. They just keep throwing more IPs at it.


----------



## tfalk (Apr 3, 2008)

Verticalscope got hacked a few weeks ago. All of the sites under their umbrella are getting the same treatment - change your password to something so rediculous that nobody will be able to remember.

Yeah, you saw that their member database was hacked, right? 


http://www.securityweek.com/45-million-potentially-impacted-verticalscope-hack


----------



## gotshirts2ink (Nov 12, 2009)

So yesterday I signed on and got a message I will need to change my password, No problem after about 20 mins trying to figure out a new password because of all the requirements. I get a $&@$& email today saying my password has been reset by an administrator WTF!!! Now have to do it again the worst part is all the damn requirements. my damn banks dont even have that many so now on my monitor is a sticky note with 1 damn password on it because I will never remember it


----------



## decorator (Oct 29, 2012)

SERIOUSLY !?!
It's "T-Shirt Forums", not a bank account.
Should I be afraid that someone is going to hack in to my account and POST something? What exactly are we protecting? The whole point of this site is to SHARE information. So now we have to guard it with an outrageously difficult password? REALLY ???
I totally agree WTF!


----------



## edward1210 (Nov 7, 2009)

decorator said:


> SERIOUSLY !?!
> It's "T-Shirt Forums", not a bank account.
> Should I be afraid that someone is going to hack in to my account and POST something? What exactly are we protecting? The whole point of this site is to SHARE information. So now we have to guard it with an outrageously difficult password? REALLY ???
> I totally agree WTF!


I believe this is something good, must of the company now requires every users to change password every 90 days


----------



## decorator (Oct 29, 2012)

edward1210 said:


> I believe this is something good, must of the company now requires every users to change password every 90 days


Good for what?
The whole point of any password is for protection.
What is it that needs to be protected?
What evil-doers are we protecting it from?
What are we afraid they will do with whatever they find?
Who requires password changes every 90 days?
Only businesses with something they need to protect, and would be severely harmed if it were compromised.
Just because some company somewhere requires it, doesn't make it "good"


----------



## BeadyEyeGraphics (Jan 2, 2015)

Hackers definitely know more about the potential risks to all of us than some of the people making comments here. If the site has been hacked and passwords were stolen we all should have been informed about that asap. No ifs or buts about it.


----------



## lben (Jun 3, 2008)

I'll never remember this password. Do I care if someone hacks into this site and gets my password? No.


----------



## GTP30 (Dec 18, 2015)

The worry shouldn't be with hackers getting access to your account on this forum but if you use that password for other things, they now have that password. If you use the same email they could potentially have access to anything you use both the email and password for. At least with the outrageous password requirements on here you'll likely never use that password for any other site.


----------



## Dekzion (May 18, 2015)

making a password that is different for every site is easy, just go to guerrilla mail and use the tool there. extremely handy if you need to use a friends computer in a hurry
Either that or roboform.


----------



## NoXid (Apr 4, 2011)

edward1210 said:


> I believe this is something good, must of the company now requires every users to *change password every 90 days*


That is a total waste and leads to people writing their PWs down on paper and sticking it to their monitor where the cleaning lady will see it. Totally counter productive.

Either someone has cracked or observed your PW _or_ they have not. As soon as they use it in an obvious way, you or IT/Admin are going to notice and change the PW so it doesn't matter if the PW was going to expire in a day, a week, or 3 months--*it will work for whoever steals/cracks it WHEN they steal/crack it!* 


As to why forums care about this. Our accounts would no doubt be used in some spam marketing barrage, or the like. Or worse, forums, as opposed to banks, tend to be weak targets in terms of IT infrastructure, firewalls, and security in general. But people tend to use the same user name and PW, or close variations, for different online accounts ... yeah, might be time to change your online banking name and PW to something entirely unique and unrelated to any other presence you have online, or elsewhere.

Think I'll change my bank ID to *milf1984*


----------



## lben (Jun 3, 2008)

I like your password, except you forgot the capital letter and a symbol!


----------



## Ripcord (Sep 2, 2006)

Well with all the recent news about hackers I decided to get a secure email address just like the Secretary of State. You can reach me at [email protected]


----------



## BeadyEyeGraphics (Jan 2, 2015)

Ripcord said:


> Well with all the recent news about hackers I decided to get a secure email address just like the Secretary of State.


You mean you'll have it on your own server which you will keep in your bathroom?


----------



## binki (Jul 16, 2006)

It's the forum platform they use. I had another forum do the same thing. They got hacked so because they are not secure we get to suffer.


----------



## affordable (Apr 6, 2007)

Is there a way to change my newly assigned password to something I create and can remember?


----------



## BeadyEyeGraphics (Jan 2, 2015)

affordable said:


> Is there a way to change my newly assigned password to something I create and can remember?


You should be able to go to Your Control Panel in the list on the left and do it from there. I myself haven't tried yet because I'll probably stick to what they've given me for now, but other people reported difficulties trying to do that. So who knows if it's working...


----------



## GTP30 (Dec 18, 2015)

I changed mine with no issues. Just go to usercp, email & password.


----------



## john221us (Nov 29, 2015)

affordable said:


> Is there a way to change my newly assigned password to something I create and can remember?


Yes, UserCP tab at the top.
Change it to: S0m3th!ng!llR3m3mb3r


----------



## Megadigitizing (Oct 1, 2014)

Strongest password for forums ranges from 20-25 characters which includes capslock, special characters etc. Nothing is secure which involves database(even facebook accounts). So this site is doing what they can do to protect users.


----------



## tfalk (Apr 3, 2008)

At least they were kind enough to put a "SECURITY AND DATA BREACH NOTIFICATION" at the top of the page now. Yeah, thanks for the warning before telling us we needed to change our passwords..... Has anyone at Vertical Scope heard your should put the horse in front of the cart instead of the other way around?


----------



## coolcold (Aug 27, 2013)

That's the reason to use separate password for bank and email and non-important sites. Maybe just save the password in an email rather than a sticky?


----------

