Hello, Today I noticed you now require all users to reset their password to 12-character one. I don't know why would someone decide it was good idea for a modding website. There is a reason companies like Google or Facebook, which store insane amount of information about you require only 8 characters — they know people reuse passwords and nothing is going to change that. If you ask someone to enter ≥12 char password, they will likely choose one already in use, with that exceptional length being most likely bank account pass. Percentage of people using password managers is still minuscule. Now Nexusmod has relatively unusually high percentage of users with their bank password, which contrary to your belief, makes a breach more attractive for hackers. Brute force or rainbow attacks are not the ones you should fear the most, because great majority of users' accounts don't contain anything worth stealing. It's the big leaks and theft of millions of passwords that may happen, in which case you should prepare for a big shitshow. There are ways to secure passwords, but lengthening it in this context is probably not a good one.
