Mac Forum Forced Password Change?

OP
krs

krs


Joined
Sep 16, 2008
Messages
3,555
Reaction score
610
Points
113
Location
Canada
Still good this morning.

What seems to have been the issue is that initially I only received one email when the password was reset.
I only found out later, after several one-email password resets, that there should have been two emails.
Probably clear if one reads the first reset email completely that there will be a second one, I just read up to the link in the email and clicked on that which I think gave me the option to log in again, but then I somehow ended up on the web page with the single "Reply with Quote" at the bottom which seemed to indicate I was logged in exceot that I was not.
I posted several screenshots of that page, but none of the mods/admins ever commented how that would happen - getting to that page.
That might have been a hint that the password reset was only sort of half complete.

In any case, everything is good so far using Firefox
Also tried using Brave - works just as well except that Brave loads noticably faster.
 

pigoo3

Well-known member
Staff member
Admin
Joined
May 20, 2008
Messages
44,210
Reaction score
1,418
Points
113
Location
U.S.
Your Mac's Specs
2017 15" MBP, 16gig ram, 1TB SSD, OS 10.15
Just like everyone else...I need to change my Mac-Forums password every 120 days.

Got my Mac-Forums password change message yesterday...went thru the process...and everything went smooth as silk.:)

- Nick
 
Joined
May 21, 2012
Messages
10,702
Reaction score
1,158
Points
113
Location
Rhode Island
Your Mac's Specs
M1 Mac Studio, 11" iPad Pro 3rdGen, iPhone 13 ProMax, Watch S7, 2018 15" MBP, AirPods Pro
Just like everyone else...I need to change my Mac-Forums password every 120 days.

Got my Mac-Forums password change message yesterday...went thru the process...and everything went smooth as silk.:)

- Nick
What browser are you using?
 

chscag

Well-known member
Staff member
Admin
Joined
Jan 23, 2008
Messages
65,248
Reaction score
1,833
Points
113
Location
Keller, Texas
Your Mac's Specs
2017 27" iMac, 10.5" iPad Pro, iPhone 8, iPhone 11, iPhone 12 Mini, Numerous iPods, Monterey
What browser are you using?

I just changed my password with no problems. Using both Chrome and Safari.

Note: I always make sure especially with Safari, that the correct user name shows up from the keychain. The same with Chrome. Other browsers should also be the same although I understand there have been problems with Firefox.
 

pigoo3

Well-known member
Staff member
Admin
Joined
May 20, 2008
Messages
44,210
Reaction score
1,418
Points
113
Location
U.S.
Your Mac's Specs
2017 15" MBP, 16gig ram, 1TB SSD, OS 10.15
Same as chscag...I mainly use Safari & Chrome.:)

I also do the password change only via the online password change form that I'm given...and I enter everything manually (no autofills of any sort).

- Nick

p.s. Sharing this info so there is no misunderstanding that many folks have no issues performing the Mac-Forums password reset. Sometimes when threads like this are discussed...there can be a misunderstanding that everyone is having an issue...which is not always true.

p.p.s. I'm sure the members posting in these sort of threads are having an issue of some sort...but the issue would seem to be not Mac-Forums website related.
 
Last edited:
Joined
May 21, 2012
Messages
10,702
Reaction score
1,158
Points
113
Location
Rhode Island
Your Mac's Specs
M1 Mac Studio, 11" iPad Pro 3rdGen, iPhone 13 ProMax, Watch S7, 2018 15" MBP, AirPods Pro
Is there a way to see when my password was changed?
 

chscag

Well-known member
Staff member
Admin
Joined
Jan 23, 2008
Messages
65,248
Reaction score
1,833
Points
113
Location
Keller, Texas
Your Mac's Specs
2017 27" iMac, 10.5" iPad Pro, iPhone 8, iPhone 11, iPhone 12 Mini, Numerous iPods, Monterey
Is there a way to see when my password was changed?

You mean seeing when your password has to be changed? Like Nick stated above, it's 120 days although I believe it's also derived from the number of times you access the forums.

We have had members who haven't signed in for a considerable length of time (in some cases, several years) but their password was still in effect.
 

pigoo3

Well-known member
Staff member
Admin
Joined
May 20, 2008
Messages
44,210
Reaction score
1,418
Points
113
Location
U.S.
Your Mac's Specs
2017 15" MBP, 16gig ram, 1TB SSD, OS 10.15
Is there a way to see when my password was changed?

My "snap-answer" is no. Need to check 1 area to be 100% sure.;)

Will update after checking.:)

- Nick
 
Joined
May 21, 2012
Messages
10,702
Reaction score
1,158
Points
113
Location
Rhode Island
Your Mac's Specs
M1 Mac Studio, 11" iPad Pro 3rdGen, iPhone 13 ProMax, Watch S7, 2018 15" MBP, AirPods Pro
No, I was just wondering if there was a log that tells me when I (or someone) accessed certain security features/options?
 
OP
krs

krs


Joined
Sep 16, 2008
Messages
3,555
Reaction score
610
Points
113
Location
Canada
Just like everyone else...I need to change my Mac-Forums password every 120 days.

Got my Mac-Forums password change message yesterday...went thru the process...and everything went smooth as silk.:)

- Nick

Glad this came up again.

Browsing the net, I recently came across more and more discussions that changing the password regulalry is counterproductive.
Security sites mention that, so does the FTC and ZDNet:
Time to rethink mandatory password changes | Federal Trade Commission
Changing your password regularly is a terrible idea, and here's why | ZDNet

But arguments of course go both ways.

What I'm trying to get my head around is the benefit of the forced password change.

For one, none of my financial accounts that I access via the net require a regular password change and neither does any other forum or discussion group I access.
Taking it one step further - let's suppose someone does obtain your user name and password for this forum - what is the worst that can happen???
They can post under your name, take a look at parts of your personal profile that is not public (same as administrators can) - what else???

Seems rather ridiculous to me that this forum enforces stricter password security than my financial institutions...and I'm wondering for what purpose....
 
Joined
Oct 16, 2010
Messages
17,494
Reaction score
1,541
Points
113
Location
Brentwood Bay, BC, Canada
Your Mac's Specs
2011 27" iMac, 1TB(partitioned) SSD, 20GB, OS X 10.11.6 El Capitan
We have had members who haven't signed in for a considerable length of time (in some cases, several years) but their password was still in effect.

How can I PLEASE get such an account, and if I could get one that never needs to be changed I would be even more grateful.

I doubt that the policy will change here, but there ane no proven mathematical reasons for making a password change every X amount of days etc. more secure.

Even old articles said the practice is outdated:
According to Thytoctic, 80% of all cyber security attacks involve a weak or stolen password. Changing your password regularly reduces your risk of exposure and avoids a number of dangers.
... ... ...
However, in most cases, these might now be outdated policies or recommendations. At the very least, it's highly debatable that changing passwords frequently actually does increase security.
How Often Should I Change My Passwords?

Or:
Please Forget to Change Your Password Every 90 Days
It's Time to Rethink Password Management Best Practices

Please Forget to Change Your Password Every 90 Days | 2018-03-01 | Security Magazine

Think about it for a bit, but I doubt that the policy will change for a long time at most places.

EDIT:
It seems that Knute was busy typing at the same time I was and on the same line of thinking as well, but beat me to the posting wall.

PS: There is no proven valid logic showing a single password getting changed every x amount of time increases one's security prptection.



- Patrick
======
 
Last edited:
Joined
Oct 16, 2010
Messages
17,494
Reaction score
1,541
Points
113
Location
Brentwood Bay, BC, Canada
Your Mac's Specs
2011 27" iMac, 1TB(partitioned) SSD, 20GB, OS X 10.11.6 El Capitan
What I'm trying to get my head around is the benefit of the forced password change.
... ... ...
Seems rather ridiculous to me that this forum enforces stricter password security than my financial institutions...and I'm wondering for what purpose....


Well Knute, that make two more of us that we can add to the growing list of those against frequent password changes for no valid reason. But then again, I've been advocating the same thing for years now, so I guess I've actually been on the list for a long time now. :Smirk:



- Patrick
======
 
Joined
Jan 1, 2009
Messages
15,452
Reaction score
3,808
Points
113
Location
Winchester, VA
Your Mac's Specs
MBP 16" 2023 (M3 Pro), iPhone 15 Pro, plus ATVs, AWatch, MacMinis (multiple)
If you have a strong password, it should last forever. And a weak password should expire in an hour or less, IMHO. But, having said that, not many people have strong passwords. I let 1Password suggest passwords for me with a setting for 16 characters, plus symbols and upper/lower case and numbers. Sometimes I let Safari recommend passwords as they are 18 characters long, upper/lower, numbers and some symbols. In any case, I use 1PW to store them and Safari to keep them in keychain. And I know NONE of them by memory. :)
 

dtravis7


Retired Staff
Joined
Jan 4, 2005
Messages
30,133
Reaction score
703
Points
113
Location
Modesto, Ca.
Your Mac's Specs
MacMini M-1 MacOS Monterey, iMac 2010 27"Quad I7 , MBPLate2011, iPad Pro10.5", iPhoneSE
I have been here a long time. At first I never got that password message till I became a Moderator here many years back now. It makes sense for Staff to have to change their PW as if someone ever got into one of our accounts they could ruin the forums, especially an Admin account.

As long as the Password Change works with no hiccups, I do not see any issues with it. Just protecting the users and in the case of us staff, the forums.
 

pigoo3

Well-known member
Staff member
Admin
Joined
May 20, 2008
Messages
44,210
Reaction score
1,418
Points
113
Location
U.S.
Your Mac's Specs
2017 15" MBP, 16gig ram, 1TB SSD, OS 10.15
As mentioned above...there are Pros & Cons to this topic (as with almost every topic). If there weren't at least two sides to almost any subject/argument...there would be no debates...and there would be much less need for lawyers!;)

Jake beat me to it...a strong password is key...unfortunately many many users use VERY weak passwords.:(

If you guys want to have a little fun:)...visit the link below...enter one of your favorite passwords...then see how strong it is...and how much time it would take to crack:;)

Password Strength Meter

- Nick
 

pigoo3

Well-known member
Staff member
Admin
Joined
May 20, 2008
Messages
44,210
Reaction score
1,418
Points
113
Location
U.S.
Your Mac's Specs
2017 15" MBP, 16gig ram, 1TB SSD, OS 10.15
Here's a 2nd Password Strength Checker link:

- It's much more detailed.
- Provides a password strength score rather than number of days to crack.
- Includes quite a few parameters which indicate why a specific password is weak...and ways to make it stronger.

Password Strength Checker

- Nick
 
OP
krs

krs


Joined
Sep 16, 2008
Messages
3,555
Reaction score
610
Points
113
Location
Canada
Just protecting the users........

That's one key thing I was getting at... what exactly is the user being protected from if someone cracks the password on a forum like this?

Like I said - no other website, even websites like any of my financial institutions, and I use 8 different ones, requires a password change on a regular basis...or at all.
Some have a bit more security where after the user name and password is entered correctly, one also has to correctly select one of sixteen pictures that the user had pre-selected, or the European account where even if someone gained access, they could not transfer any funds since they need a unique TAN for each transaction that only I have, but in most cases, it's user name and password, that's it.

Out of interest - is any member here arectually accessing any website (other than this one) where a regular password change is mandated?
 
OP
krs

krs


Joined
Sep 16, 2008
Messages
3,555
Reaction score
610
Points
113
Location
Canada
If you guys want to have a little fun:)...visit the link below...enter one of your favorite passwords...then see how strong it is...and how much time it would take to crack:;)

Password Strength Meter

- Nick

Thanks for that little fun.
Turns out one of my banking passwords takes 23 days to crack...assuming the bank doesn't lock you out long before that.
The password I use on this forum only 3 days.
 
Joined
Jan 1, 2009
Messages
15,452
Reaction score
3,808
Points
113
Location
Winchester, VA
Your Mac's Specs
MBP 16" 2023 (M3 Pro), iPhone 15 Pro, plus ATVs, AWatch, MacMinis (multiple)
My banking password, generated by 1PW, gave the result of 11 million years to crack. That is, until quantum computing makes that 11 seconds.
 
Joined
May 21, 2012
Messages
10,702
Reaction score
1,158
Points
113
Location
Rhode Island
Your Mac's Specs
M1 Mac Studio, 11" iPad Pro 3rdGen, iPhone 13 ProMax, Watch S7, 2018 15" MBP, AirPods Pro
Out of interest - is any member here arectually accessing any website (other than this one) where a regular password change is mandated?
I can't think of any that force me to do it? But I only use about 4 financial, and 6 health related websites?
 

Shop Amazon


Shop for your Apple, Mac, iPhone and other computer products on Amazon.
We are a participant in the Amazon Services LLC Associates Program, an affiliate program designed to provide a means for us to earn fees by linking to Amazon and affiliated sites.
Top