vb.org Archive
Page 3 of 6 12 3 45 Last »
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin 4.x Add-ons (https://vborg.vbsupport.ru/forumdisplay.php?f=245)
-   -   Miscellaneous Hacks - Minimum Password Length (https://vborg.vbsupport.ru/showthread.php?t=264515)

Boofo 06-04-2011 06:14 PM
Quote:
Originally Posted by BirdOPrey5 (Post 2203476)
Well obviously it's your mod... I'm just saying I think putting a 10 or 14 character minimum on regular user account on most forums is like putting a bank vault door on an empty shed in a rural area... Yeah it's more protection, but for what?

You have to balance security vs. the user experience and most forums don't need this type of security on their standard accounts. Admins need to realize IMO most of their sites aren't all that important in the scheme of things. If it was a bank account or medical history then yeah, by all means, enforce strong passwords... but a forum to talk about cars or art or video games? I'd be more concerned about frustrating new and existing members with password requirements far surpassing any bank account I've ever used and having them stop coming.

I use KeePass myself but I'm not going to go through the effort of making a new entry for every single forum I'm a member of. LOL.

Anyway, my suggestion is an option to enforce for mods and admins only... all other opinions aside.
Not everyone feels their forums or members security are as unimportant as you feel they are.

BirdOPrey5 06-04-2011 10:35 PM
Quote:
Originally Posted by Boofo (Post 2203525)
That makes absolutely no sense. Why even use it then?
Because regular users have "no powers." If someone hacked a regular user account worst thing they could do is post as them... So what if that happens?

Mod and Admin accounts however need to be protected for the security of the forum and the protection of member's private info.

Eric 06-07-2011 06:35 PM
Version 1.0.1, 06/07/2011
  • Introduced three new options and one new plugin.
  • The new options are based around a "Check Method". You can choose to enforce the min. password length by userid, usergroup, or 'none' (all).

Boofo 06-08-2011 01:27 AM
Thanks for the update. The only thing I would suggest is changing the "Minimum Password Length: Check Method" option to radio:piped instead of select:piped. And I would have excluded userids instead of including them.

Eric 06-08-2011 10:19 PM
Quote:
Originally Posted by Boofo (Post 2204861)
Thanks for the update. The only thing I would suggest is changing the "Minimum Password Length: Check Method" option to radio:piped instead of select:piped. And I would have excluded userids instead of including them.
Why change to the radio:piped?

And for the userids, that is what I had initially and tbh, don't even remember why I thought it should be changed - would not take much to change it back.

Boofo 06-08-2011 10:55 PM
Quote:
Originally Posted by Eric (Post 2205270)
Why change to the radio:piped?
A coding preference, I guess, as well as it shows all options instead of having to scroll through a drop-down box.

Quote:
Originally Posted by Eric (Post 2205270)
And for the userids, that is what I had initially and tbh, don't even remember why I thought it should be changed - would not take much to change it back.
I was wondering if maybe it was a simple mistake on your end. ;)

jgt58 06-09-2011 10:53 PM
Quote:
Originally Posted by Boofo (Post 2203525)
That makes absolutely no sense. Why even use it then?
Because to enforce staff having a more secure password than the normal users. Extra security is really not needed for normal users. If they are concerned about that , they will have a strong password. I WANT my staff to have a secure password , but there is no way to enforce that. This would be perfect with tweeks.

So yes , it does make sense :-)

Boofo 06-10-2011 01:36 AM
To you, maybe. I think my users are just as important as the staff and therefore should be given the same concern. Having their accounts hacked could be just as disastrous, if not more so, than any staff members.

just.b.jealous 06-10-2011 04:03 AM
You should require it for admins/moderators and not regular users, trust me- they dislike it. But then again, any secure-minded admin already has a long enough, difficult to guess password. HAd this installed but users couldn't actually register- they all kept getting a "password doesn't contain required amount of characters, please try again" error, or something to that effect. Ending up having to disable it for the time being.

Eric 06-10-2011 06:13 AM
Quote:
Originally Posted by just.b.jealous (Post 2205695)
You should require it for admins/moderators and not regular users, trust me- they dislike it. But then again, any secure-minded admin already has a long enough, difficult to guess password. HAd this installed but users couldn't actually register- they all kept getting a "password doesn't contain required amount of characters, please try again" error, or something to that effect. Ending up having to disable it for the time being.
I've tested this mod several times across 4.1.3 and 4.1.4 - works fine. You sure they actually were meeting the requirement? ;)


All times are GMT. The time now is 08:24 PM.
Page 3 of 6 12 3 45 Last »
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01390 seconds
  • Memory Usage 1,745KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (7)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete