
About the password thing


Ceolizer


Hello,

 

Today I noticed you now require all users to reset their password to a 12-character one. I don't know why someone would decide it was a good idea for a modding website. There is a reason companies like Google or Facebook, which store an insane amount of information about you, require only 8 characters — they know people reuse passwords and nothing is going to change that. If you ask someone to enter a ≥12 char password, they will likely choose one already in use, with that exceptional length being most likely a bank account pass. The percentage of people using password managers is still minuscule. Now Nexusmod has a relatively unusually high percentage of users with their bank password, which, contrary to your belief, makes a breach more attractive for hackers. Brute force or rainbow attacks are not the ones you should fear the most, because the great majority of users' accounts don't contain anything worth stealing. It's the big leaks and theft of millions of passwords that may happen, in which case you should prepare for a big shitshow. There are ways to secure passwords, but lengthening them in this context is probably not a good one.

Link to comment
Share on other sites

You are the umpteenth person to have made this point. And there are umpteen others who disagree and applaud NexusMod's new policy. If you've not already done so, a search of this forum will uncover several threads in which this topic has been discussed ad nauseam.

Link to comment
Share on other sites

The only reason companies like Google and Facebook only require 8 characters (right now) is because they're too entrenched with what they're doing to have spent developer time on increasing the requirement. Rest assured that some day they will, because security concerns will force their hand. In this respect, Nexus is basically in the role of early adopter. You should be complaining to other places that still think 8 chars is safe because it really isn't anymore.

 

Going from 8 to 12 characters is a significant improvement in security - on the order of making it take YEARS to crack through brute force even if the database is stolen outright.

Link to comment
Share on other sites

 

The only reason companies like Google and Facebook only require 8 characters (right now) is because they're too entrenched with what they're doing to have spent developer time on increasing the requirement. Rest assured that some day they will, because security concerns will force their hand. In this respect, Nexus is basically in the role of early adopter. You should be complaining to other places that still think 8 chars is safe because it really isn't anymore.

 

Going from 8 to 12 characters is a significant improvement in security - on the order of making it take YEARS to crack through brute force even if the database is stolen outright.

 

If a website is going to allow you to brute force 8 char passwords, you are doing something wrong.

Link to comment
Share on other sites

And yet we hear about this happening countless times, so don't dismiss it so lightly just because it inconveniences you a little.

 

Now consider what happens should the site simply be hacked and the data stolen? Then they don't need to hammer the site for a couple of weeks, they can hammer their local system for a couple of DAYS and have the entire password database undone. If you don't think this is realistic, you have no idea what these criminal enterprises are capable of, and if you think they won't be interested in the database here at Nexus, you REALLY don't get it at all.

Link to comment
Share on other sites

Hello,

 

Today I noticed you now require all users to reset their password to a 12-character one. I don't know why someone would decide it was a good idea for a modding website. There is a reason companies like Google or Facebook, which store an insane amount of information about you, require only 8 characters — they know people reuse passwords and nothing is going to change that. If you ask someone to enter a ≥12 char password, they will likely choose one already in use, with that exceptional length being most likely a bank account pass. The percentage of people using password managers is still minuscule. Now Nexusmod has a relatively unusually high percentage of users with their bank password, which, contrary to your belief, makes a breach more attractive for hackers. Brute force or rainbow attacks are not the ones you should fear the most, because the great majority of users' accounts don't contain anything worth stealing. It's the big leaks and theft of millions of passwords that may happen, in which case you should prepare for a big shitshow. There are ways to secure passwords, but lengthening them in this context is probably not a good one.

 

 

You've waited 8 years to make your first post, and it was to complain.

Meanwhile, in that 8 years, you've endorsed ZERO Mods, and given ZERO Kudos etc.

 

I.E. For 8 years, you've not bothered to give any opinion on any of the mods you've downloaded since 2012, nor have felt that you should give an endorsement to any mod you've downloaded, nor give any Mod Author a Kudos for making a mod you like, but the Nexus requires you to change your password to a 12 character password, and all of a sudden you feel the need to say something?

 

 

 

Link to comment
Share on other sites

Calling twelve digits an "exceptional length" is a touch over it. My last name has sixteen characters (one cap, no numbers). And saying people will likely be using their bank account numbers as password is completely ridiculous. Or maybe you do it yourself and think everybody does it. Personally I couldn't care less how long a password needs to be, as long as I've got the count right.

Link to comment
Share on other sites

I hate this. Now to make it easy for me to remember a longass password, I just run a straight line through my keyboard. It's not thought out, it's not secure, and I hate that a site I don't use money on now needs a longer password than all my other MONEY HANDLING websites. Let me handle how I do my passwords because next time Chrome forgets the autofill password, I will have to reset my password again when I inevitably forget. I will not have a text file with my passwords or have to carry a notepad around. I do reuse passwords, know why? I've never had a problem with them, I have many I use for specific sites and others for specific types of sites. If a password leaks on a non money site, so what, I change to another prepared password, but now none of my extra passwords work because of 12 f***ing characters which makes me just go "Passcode1234" then next time I forget and just enter "Passcode12" because I forgot the site REQUIRED 12.

Edited by SurferOtter
Link to comment
Share on other sites

I hate this. Now to make it easy for me to remember a longass password, I just run a straight line through my keyboard. It's not thought out, it's not secure, and I hate that a site I don't use money on now needs a longer password than all my other MONEY HANDLING websites. Let me handle how I do my passwords because next time Chrome forgets the autofill password, I will have to reset my password again when I inevitably forget. I will not have a text file with my passwords or have to carry a notepad around. I do reuse passwords, know why? I've never had a problem with them, I have many I use for specific sites and others for specific types of sites. If a password leaks on a non money site, so what, I change to another prepared password, but now none of my extra passwords work because of 12 f***ing characters which makes me just go "Passcode1234" then next time I forget and just enter "Passcode12" because I forgot the site REQUIRED 12.

I suggest you migrate to Jerusalem. There's a wall there where you can complain against. Crikey. Two extra digits and the world is coming to an end.

Link to comment
Share on other sites
