Bass Fishing Forum banner

1 - 20 of 80 Posts

·
Administrator
Joined
·
163 Posts
Discussion Starter #1
Hey all,

Over the next few days we will be implementing some changes to our forum password strength and password expiration policies. To make sure you continue having the best experience possible on the community, we regularly monitor the site and the Internet to keep everyone's account information safe. We've recently become aware of a potential risk to some accounts coming from outside of this community. Just to be safe, we are implementing the following changes to improve security even further:

1) We are asking everyone to change their passwords (and will force a one time reset). Along with every user on the forum, new passwords will need to be more complex, and can't be simple words (sorry, you can't have "fluffy" as your password anymore!). Please use a password unique to this community. Reusing passwords can expose your account indirectly when other websites (Twitter, Linkedin, Badoo, etc) are compromised; and

2) Your passwords will expire on a 365 day basis. When you login on the 366th day, you will have to change it.

We'll also be sending out an email to users to let them know about the changes, in upcoming weeks.

Thanks all,

Helena

Community Management
 

·
Registered
Joined
·
108 Posts
Oh Yay! thanks for the high level of security on fishing forum! Maybe I should contact my bank to follow suit. Sorry to be the downer but not liking the idea of changing my password every 366 days.

CHANGE IS NOT BETTER.....
 

·
Registered
Joined
·
212 Posts
First let me say, I am in compliance and reset my password. that said... I'd be more concerned about enforcing site posting rules than passwords. Then again, I am sure it's some CYA activity due to recent site ownership changes.

I second the motion that passwords should NOT change every 365 days- that seems a bit much for this type of site.

Here is what I have seen over the past few years. Fishing reports are down. Traffic is down. Overall interaction is down with the exception of the recent articles about rain and flooding. This site isn't what it used to be, and saying the lakes are low and fishing is bad is not the problem. I would focus on making the user experience better, and not going all Geshtapo on password strength.

I also think a more mobile friendly forum template would be a better investment.
 

·
Administrator
Joined
·
163 Posts
Discussion Starter #10
If the yearly password reset causes problems next year, we can revisit the decision. Until then, the increase in complexity is the simplest and easiest way to increase site protection.

Kevin
 

·
Registered
Joined
·
321 Posts
I could understand strict pw requirements if this forum contained any personally identifiable information (PII) that would put members at risk of fraud.

I'd imagine for a lot of folks, using a site to discuss which color worm to throw at a fish, if the site becomes too much of a hassle to use... they'll stop using it. If logging in starts causing problems... less people will want to use the site. I'm not saying it will affect everyone. But some people.

Which, considering this site already seems to be 'slowing down', throwing another level of difficulty into things seems like a bad idea.


It's probably a more reasonable thing to just make sure people understand what a good password policy is, and leave it up to them to be responsible about not using easy passwords.... like fluffy.
 

·
Banned
Joined
·
5,461 Posts
I could understand strict pw requirements if this forum contained any personally identifiable information (PII) that would put members at risk of fraud.

I'd imagine for a lot of folks, using a site to discuss which color worm to throw at a fish, if the site becomes too much of a hassle to use... they'll stop using it. If logging in starts causing problems... less people will want to use the site. I'm not saying it will affect everyone. But some people.

Which, considering this site already seems to be 'slowing down', throwing another level of difficulty into things seems like a bad idea.


It's probably a more reasonable thing to just make sure people understand what a good password policy is, and leave it up to them to be responsible about not using easy passwords.... like fluffy.
Totally agree but understand that a lot of the password and policy changes are forced by vBulletin as they have to have policy that accommodates a wide range of forums. Honestly, if I had to guess an annual password refresh is probably the maximum time period allowed without a custom code change, which doesn't make sense from a support issue.
 

·
Registered
Joined
·
1,176 Posts
IMO, a password change is not the end of the world. It gives me a chance to bone up on my computer skills at least. Chicks dig skills.
 

·
Administrator
Joined
·
163 Posts
Discussion Starter #15
hey all!

The security of members accounts is very important to us and although a members personal information or private information such as credit card info is not stores on the site, many people use the same password for multiple sites. This could create a potential hole for a hacker to get your info which is what we would like to avoid. The forced password change for now is to unsure there are no holes on the forum and the one that should happen a year from now can be revisited then and we can look into if it is still needed on the site.

~Shane
 

·
Registered
Joined
·
471 Posts
Went to change my password and the site would not recognize my password. Strange since it required it the next time I signed in and there was no problem.

??????????????????????????

MF
 

·
Registered
Joined
·
582 Posts
I have to change my damn password on all the sites or apps so much I can't remember what they are. Oh well, everyone clicks the save password button anyways because they won't remember, cause that's safe you know. Play it smart on the interwebs and you'll be ok, but you won't, because someone is always one step ahead. Use a VPN and Tor.
 

·
Registered
Joined
·
27 Posts
This is going on over at avs forum. Now I can't log in there, can't change the password because the system doesn't recognize my email.......now the Admin is swamped with emails for assistance. I'm still waiting for Admin. What a pain in the butt.
 

·
Administrator
Joined
·
163 Posts
Discussion Starter #20
Went to change my password and the site would not recognize my password. Strange since it required it the next time I signed in and there was no problem.

??????????????????????????

MF
My issue as well
When changing your password, please make sure to copy/paste your password over from the email to the "Current Password" box. This will ensure that it is not using an older cached password for the auto-fill.

This is going on over at avs forum. Now I can't log in there, can't change the password because the system doesn't recognize my email.......now the Admin is swamped with emails for assistance. I'm still waiting for Admin. What a pain in the butt.
I have a feeling that you have an old email address linked to the account on that forum. How did you contact the admin there? Did you use the Contact us feature?

We are working diligently to sort out all inquiries and issues during these past few days. I appreciate your patience.

Thanks,
- JB
 
1 - 20 of 80 Posts
Top