Important Security Update to our User Portal
Posted 12 January 2020 - 03:19 PM
Posted 22 January 2020 - 03:40 AM
Posted 26 January 2020 - 03:03 PM
Set a minimum password length, sure. That's fine. But don't tell me what that password has to contain (numbers, upper and lower case, special characters, etc) and just let me create a password that I can f***ing remember!
Posted 27 January 2020 - 09:26 PM
If you want to make the password length longer, fine, I agree that increases security. But then drop the complexity requirements so that we can pick longer passwords while still being able to remember them.
Posted 05 February 2020 - 11:59 PM
Posted 08 February 2020 - 04:50 AM
My suggestion? Mandate 2FA and then remove ALL password requirements since NO password requirement will EVER stop a determined hacker. If a hacker has to physically acquire my actual phone, I have security they can never crack in the form of my Beretta 391 Urika-II 12ga shotgun.
In any case, it should be noted that, unless someone manages to ascertain the server-side database at Nexus, their ability to crack any password, regardless of length, is severely hampered, and if they DO managed to get the database, then the security failure isn't on the users for having weak passwords, it's on Nexus for having weak security on their end. So, in effect, the changes they made don't accomplish anything. This is, and was never, about increasing security, because the innate delay involved in testing every attempt, combined with Nexus's extensive DDoS protection, means a remote hack through the web interface would take millennia even with a 6 or 7 character password. Instead, it's about shifting blame in the event of a hack, i.e. "it's not our fault for having weak security and allowing someone to get their hands on our account database, it's your fault for having a weak password!" Which is to say, BS.
Anyhow, just had to reset mine for the second time since these short-sighted rules were put in place. Before this, I've literally not had to reset it once in 4 years. These measures haven't stopped a single hacker, but they HAVE made the site less convenient for me, twice.
Posted 08 February 2020 - 02:28 PM
i'll add some of my hate to this topic, this long passwords are stupid as hell as people start to write them down somewhere to not forget it and it makes it easier to find them out
I set my password to something like YouAreBunchOfFuckingIdiots123 and sent it as reply to mail about password change cuz i knew that i won't forget the special password on only site that requires 12character long one and I would be reseting it every damn time, I actually don't remember the one i set around 2 weeks ago :v
Posted 18 February 2020 - 05:37 AM
Congratulations on making my account less secure by your asinine rule change.