So today I got notification your password has expired, 365 days.

Your password needs : upper case;lower case;numbers;symbols;must be 10 characters or more. Many members on this forum are old school, able to get by , however this isn't my bank account, this forum doesn't have any connection to anything that is used for money transfer, it doesn't contain sufficient info to steal my identity, yet here I am coming up with a new password, which by the way I have had to do before. Why does it sound like I am upset? Because there is a good chance that some or many members will use a password that they use for banking or other secure logins. This site isn't secure, there are many services out there such as Norton that will save all your passwords and manage them, just think for a minute, should they get hacked, you definitely are in trouble.

As a mod I am a bit disappointed that as a team we weren't consulted. Do I expect that some members may just give up logging in****YES

I'm w/ onewizard on this - having to change passwords every now-and-then is a SUPER PITA!

Im not a mod here (obviously as im new this year ) but I have worked in IT / security for 18 years. I have seen sites and services get hacked by weak passwords a lot. IMHO i am all for the password requirements. This site has a wealth of knowledge that should be protected. I would hate to see some little punk get in here and ruin what we have. When the site was partially down for the migration I almost cried. Lol well maybe not cried, but I was a little disappointed as I was trying to find some info that i was needing about the chain maintenance.

But, as an example, if a password was compromised, the hacker could post links that look legit (or are replaced with one of the common tiny URL services) that goes to a malicious site. And someone clicking the link could then have the system they are on compromised, exposing everything they do on their system (banking, 401k management, medical / insurance tasks they might do).

Our mods / members provide a vital role to our community of riders. Like I said before the knowledge here is fantastic, but the site is also a good source of inspiration on modifications we can do to our bikes to make them as sexy and/or mean as we can. But try as yall might, my bike is the sexiest of them all (lol joking).

My main gripe was I was forced to change my password to log in, my preference would have been to delay for a day, secondly the site was not secure although the password change degree of difficulty implied this was needed. Today this site now boast's the secure lock symbol.

That being said, those members that use their banking password on this site may feel a little more secure, however a couple things I will suggest. When sending / receiving email, make sure you delete old messages, those with delivery from amazon.com, anything that can link you to a payment method. If you are sending your name , address and phone # to a buddy, delete from the sent folder when complete, anything with your identity. Make a point of deleting your sent email each day. I have one email address for all money transaction's , two more that are used for everything else, when I get a PayPal notification phishing email to these I know it is just that. What I have said here is a small fraction of what is needed these days to combat theft.

I agree with you on that. Sometimes it is hard to come up with a good password that you can remember. Everyone is entitled to gripe and complain about stuff. It is a reason changes happen and normally for the better. Maybe this will encourage a notice of some sort the next time something like this is changed.

A lot of people still use that same passwords for everything they do. Why people? WHY ?!?!? lol

Yes, kind of funny but not, latest security change is using a phone number to send a 1 time , time sensitive code to verify a login to a bank account, landline and cell phone numbers, they are going away from security questions as who remembers them, what remains important is that access to your cell be secure, I know this day and age people bank from their phone, which means security is extremely important.
So a FYI for those reading this post, information I will pass along, notification that I as a mod receive but feel important to pass along to members;

Improving security across our network and adding Secure Sockets Layer or SSL to the site. This means going forward you'll see Hyper Text Transfer Protocol Secure (HTTPS); the secure version of HTTP, the protocol used to send data between your browser and the website that you are connected to. This means all communications between your browser and the website will have another layer of encryption.

This doesn't mean you can let your guard down, but knowing the site is coming up to snuff with many other sites.

While we can appreciate your concerns, the password requirements are the same on all our sites, and in line with most sites on the internet (LinkedIn, Facebook, Emails, ect). The Uppercase, Numbers, Symbols ect requirements ensure passwords are complex and secure as BruteForce attacks can easily break lower tier passwords (password123, ect).

This is the norm for most sites on the internet and as security of our members accounts are high priority, it was made that way as well.

The site does now boast the Secure / HTTPS as we have added SSL to it as well to give another level of protection.

- JB

In my case, a password manager has been an extremely useful tool.
It creates complex passwords for me and ... remembers them!

FYI:

https://www.howtogeek.com/141500/why...o-get-started/

Note: I have been using 1Password for the past 5 years.

They can do all this now, without guessing anyone's password. Anyone can create an account here, and start doing what you are suggesting. So I don't see how stronger password rules help prevent that from happening.

I agree overly strict password requirements on forum sites are a pain. I do believe there should be some simple rules, it shouldn't be "password" or "password123" for example. But using the same requirements as a bank is overkill and a hassle.

I never meant this to be a debate, I was more concerned about the older members that struggle to post , no need to make it difficult to just log in by forcing a password change, this could cause some members to walk away as said previously, I have accepted it and have moved on . The secure HTTPS was a year overdue. The spam software works reasonably well.