Seffis wrote: Many of these discussions are assuming that unlimited attempts to 'crack' the password are allowed.
I make that assumption. A copy of the database was stolen. If you're the thief (hypothetically), can't you just run your own copy of the forum software, use that copy of the database, and change an option or two to disable that "maximum of three attempts per day setting?" Or in some way set your computer up so that the days change very rapidly?
IOW, why make the assumption that these "password tries" must take place HERE, lol? There are other copies of phpBB in the universe.
Regards,
MDM
Mint 18 Xfce 4.12.
If guns kill people, then pencils misspell words, cars make people drive drunk, and spoons made Rosie O'Donnell fat.
You don't need the forum up and running; that doesn't add anything except a delay. When you set or change your password it gets one-way encrypted in a particular way and stored like that in the database. When you type your password to log in it gets one-way encrypted in the same way and the result is compared with the one in the database. To guess your password an attacker uses either a common password list or something that generates a sequence of possible passwords, one-way encrypts those in the same way that the forum software would have, and compares the result against the stolen database to find a match for your account. That can all be done much quicker without having the forum up and running.
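The store-and-compare scheme described in the post above, as an added example that is not part of the thread or of phpBB's code. It shows what the defender controls once a database is stolen: a per-user salt and a work factor that sets the cost of every hash-and-compare. PBKDF2-SHA256 and the iteration count are assumptions chosen for illustration, not the forum's actual settings.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 200_000  # assumed work factor for this sketch


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return the (salt, iterations, digest) record kept in the user table."""
    salt = salt or os.urandom(16)  # unique per user, stored next to the digest
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest


def verify_password(password, record):
    """Login check: hash the typed password the same way, then compare."""
    salt, iterations, stored = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, stored)  # constant-time comparison


def seconds_per_hash(hash_fn, rounds=5):
    """Average wall-clock cost of one hash-and-compare style operation."""
    start = time.perf_counter()
    for i in range(rounds):
        hash_fn(f"constructed-input-{i}")  # constructed sample inputs
    return (time.perf_counter() - start) / rounds


def cost_ratio():
    """How many times more expensive the stretched hash is than a bare SHA-256."""
    salt = os.urandom(16)
    fast = seconds_per_hash(lambda p: hashlib.sha256(p.encode()).digest(), rounds=1000)
    slow = seconds_per_hash(
        lambda p: hashlib.pbkdf2_hmac("sha256", p.encode(), salt, ITERATIONS)
    )
    return slow / fast


if __name__ == "__main__":
    record = hash_password("Constructed-Example-1!")
    print("correct password accepted:", verify_password("Constructed-Example-1!", record))
    print("wrong password rejected:  ", not verify_password("constructed-example", record))
    print(f"stretched hash costs about {cost_ratio():,.0f}x a single SHA-256")
```

Because the salt differs per account, a stolen table cannot be checked against one precomputed list, and each candidate has to pay the full work factor for every account separately.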
I hate to throw a spanner in the works, but I hope you realise that the new password procedure on this forum results in less secure passwords. This is because special characters are no longer allowed in passwords, and that increases the probability that a password will be cracked. I personally use special characters in my passwords because not many people will try them.
So, you now have a password system that is as secure as my bank's - which is saying very, very little.
From the settings in your account, the policy for passwords:
New password:
Password must be between 10 characters and 32 characters long, must contain letters in mixed case, must contain numbers and must contain symbols.
Therefore what you wrote in your post is completely false. The new password policy is more secure.
MycroftMkIV wrote: I hope you realise that the new password procedure on this forum results in less secure passwords. This is because special characters are no longer allowed in passwords, and that increases the probability that a password will be cracked.
Less secure passwords, because (wrongly assumed) no longer allowed special characters increase the probability of cracked passwords? That would give in the conclusion, that less secure passwords would decrease the probability of being cracked. This logic is over my head.
I didn't anticipate this happening but it did. It's been 3+ weeks since I logged into the forum. I did change my password; I was logged in from another computer. I thought that I had written the changed password in my un/pw list I keep beneath my new laptop, but apparently that password was the one I changed to over one year ago. So I had to check the password manager on the other computer in another room. The real problem was my reluctance to get off my fat hindside seated in the living room and go to the other computer in my radio/computer/office/bedroom. I don't recall, before the intrusion, being locked out of the forum because of my inability to remember my password but it did happen earlier, actually later last night, me being locked out of the site due to too many login attempts. I haven't installed the password manager on this laptop that I prefer but maybe I should. I have been using the laptop more, lately, than the single core Optiplex desktop. Maybe it's about time for me to retire it from my arsenal of PCs, set it up with a version of Puppy Linux and give it to someone in need of an entry level computer. Oh, sorry to the person reading my rambles.
MycroftMkIV wrote: I hate to throw a spanner in the works, but I hope you realise that the new password procedure on this forum results in less secure passwords. This is because special characters are no longer allowed in passwords, and that increases the probability that a password will be cracked. I personally use special characters in my passwords because not many people will try them.
So, you now have a password system that is as secure as my bank's - which is saying very, very little.
Mike
Idaho Panhandle
"This is because special characters are no longer allowed in passwords": I don't think this is a correct statement. My new password is a conglomeration of all characters. I have not received a denial to log in here due to using special characters...
jeffreyC wrote: A few years ago I saw a 'man on the street interview' article; over half the people asked would trade their work password for a chocolate bar.
I don't know that I'd have expected those results, but I am not greatly surprised. People in my country (United States) have been trading privacy and other rights for (perceived) security for years. Ben Franklin would probably have lined them all up against the nearest wall and allowed their blood to nourish the tree of freedom, lol.
Actually, I'd have expected them to trade it for a cheeseburger (extra cheese - and can you supersize that? I'll throw in an email password). Maybe it was some other country where the poll occurred?
DISCLAIMER: I like cheeseburgers. But I wouldn't trade anything - other than $1.49 - for one.
Regards,
MDM
Well, in this day and age, you have to have beefy, complex passwords to keep your things safe. As far as the "Perceived" security is concerned, the reason behind the "people" giving up their privacy rights and or any other rights, is because they don't know anything of their Constitution, Bill of Rights.....so our society becomes precariously unstable and fragile, all at the same time. I use and have been using complex passwords for everything, including the use of the other symbols...
Which might be a fine thing, unless you are in a shared environment with someone that trades their password for that chocolate bar.
Please edit your original post title to include [SOLVED] - when your problem is solved!
and DO LOOK at those Unanswered Topics - - you may be able to answer some!