Resetting passwords at Regular Intervals

Discussion in 'Site Security & Legal Issues' started by Jason5, Jul 12, 2019.

  1. Jason5

    Jason5 Enthusiast

    Do you initiate a password reset at regular intervals or make the users use the same password as long as they stay in the forum?

    What do you think is an ideal time to ask the users to reset their passwords?
     
  2. R0binHood

    R0binHood Habitué

    The UK National Cyber Security Centre currently advises against this.

    https://www.ncsc.gov.uk/collection/passwords/updating-your-approach

     
    Last edited: Jul 12, 2019
  3. R0binHood

    R0binHood Habitué

    The National Institute of Standards and Technology in the US also recommends the same.

    https://pages.nist.gov/800-63-FAQ/#q-b5

     
  4. Jason5

    Jason5 Enthusiast

    OMG, I didn't know something like this exists. Thanks for sharing the valuable information.
     
  5. MagicalAzareal

    MagicalAzareal Magical Developer

    They also use really weak passwords if they know you can see their password. Always hash ;)

    You might want to make this optional as there are some users who travel a lot.

    For IPs, this might change if they're using some sort of VPN, mobile network, etc.
    For cookies, someone might be using something like incognito mode for privacy.

    The best thing to do is to encourage people to use 2FA. High security contexts may also require alerts, but convenience is a big thing for forums whenever possible.
     
    Last edited: Jul 12, 2019
  6. zappaDPJ

    zappaDPJ Administrator

    The only time enforced password changes have any real value is after a site has been compromised and the vulnerability removed.
     
  7. Jason5

    Jason5 Enthusiast

    We can enforce a password reset when we restore a database or a new script is used?
     
  8. zappaDPJ

    zappaDPJ Administrator

    In some cases migration to a new script will cause that to happen anyway, with the likely result being the loss of a lot of members.
     