Password change ?

[puppyX]

Operating system:Linux Trisquel 64bit
Browser version:33.8.0 64bit
32-bit or 64-bit browser?:
Problem URL:
Browser theme (if not default):Pale moon
Installed add-ons:4
Installed plugins: (about:plugins):0

If possible, please include the output of help->troubleshooting information (as text):

**PASTE troubleshooting information here**

Why did PM make me change my password before allowing entry to the forum today ? It hasn't been that long since I last logged in. Strange.
Is it due to the recent update ?

[Moonchild]

Far as I know there hasn't been any forced password resets issued against your account so it must have been the normal periodic expiry kicking in for you. That isn't related to when you last logged in, but related to when you last changed your forum password. We infrequently ask all users to choose a new password on the forum, if they do not change it themselves.

[AndieM]

Hm, is the password expire time 30 months?
I also got one a moment ago and have no reason assume a security breach regarding my account…

[Night Wing]

I am always logged in.

Within the last two days (and I think it happened yesterday), somehow I got logged out. When I logged back in, the Forum did "not" ask me to change my password. I used the same password like I have been using for many months now.

I just chalked it up to "forum maintenance".

At this time on this SSD, I am using 64 bit linux Pale Moon 33.8.0 (GTK2) running in 64 bit MX Linux 23.6 (Libretto) Xfce.

[Moonchild]

Hm, is the password expire time 30 months?
I also got one a moment ago and have no reason assume a security breach regarding my account…

it's a long time, yes. but it does need to be done occasionally.

[Moonchild]

somehow I got logged out.

Maintenance windows will sometimes log people out, e.g. if cookie settings change.

[Gemmaugr]

I just got logged out today too, despite having "keep me logged in" on. I couldn't remember the PW because it requires one more character then my own scheme does. So I was sort of forced to change it through my email, and now it's back to normal. I should remember it this time. Frankly, what kept me from making an account for a long time was the mandatory PW changes. I freaking hate those.

[Moonchild]

Our settings are a compromise.

We need to assume many people don't use a password manager, unique passwords for every site, and similar problematic practices. Breaches happen, and account data gets leaked/stolen/compromised with great regularity on the Internet, so to prevent account breaches by re-use/guessing similar passwords, we have to use a password rotation scheme. How often it is required tends to be the issue for people averse to it, and that's why the forum has a (very!) long password validity duration before you're asked to change it. On the flipside, we also don't force you to use complex passwords with capitalization, numbers and special characters; that is entirely up to you. We do enforce a 12 character minimum but you're free to make it up to 100 characters long if you want.

Ultimately, if you are confident your password is secure, you can change it and then change it back, as well. It's just not recommended to let actively used accounts go more than multiple years without a password change. Account guessing is a regularity on this forum; thankfully we've not really seen any of the accounts hacked so far, with our policies in place, so it seems to be effective.

Because this was introduced at a certain point in time for all accounts, these password change requests are kind of clustered around certain dates - that's just because they all expire around the same time for older accounts. That doesn't mean we've done anything on our end to make that happen -- if there would be a need for this kind of forum-wide account maintenance we'd be transparent about what happened and why a forced change would be necessary.