ZDoom

Hey everyone! We've been having a bit of trouble with compromised accounts on here of late, so we've implemented a new password complexity requirement on all accounts, effective immediately. Upon logging in for the first time after today, you will be required to change your password to something that is at least 20 characters long, and contains both upper- and lower- case letters, as well as numbers. We feel this is necessary to maintain the continued security of the forums, and sincerely apologise for any inconvenience this may cause.

If you would like to create a randomly generated password, you can use https://passwords-generator.org/

If you have any questions, comments, or concerns, you can leave them below. Otherwise, keep on Dooming!

Oof, if the new policy is indeed 20 characters then the password reset page is incorrect, and upon seeing that it said I needed at least 35 characters I genuinely almost just closed the tab, I do like lurking around here but my account isn't THAT valuable lol

Rhiannon wrote: ↑Wed Jan 18, 2023 6:02 am Oof, if the new policy is indeed 20 characters then the password reset page is incorrect, and upon seeing that it said I needed at least 35 characters I genuinely almost just closed the tab, I do like lurking around here but my account isn't THAT valuable lol

It was set to 35 for a brief period before being reduced down to 20, you're not going crazy xD <3

Several people complained so I reduced it. The main purpose of the reset was to get people off of the years-to-decades-old passwords that they had before the new requirements that they simply never changed. I'm always of the belief that "more is better" but sometimes I forget that people aren't nerds like me that have ways of managing passwords that make such requirements trivial to deal with xD

Rachael wrote: ↑Wed Jan 18, 2023 6:10 am Several people complained so I reduced it. The main purpose of the reset was to get people off of the years-to-decades-old passwords that they had before the new requirements that they simply never changed. I'm always of the belief that "more is better" but sometimes I forget that people aren't nerds like me that have ways of managing passwords that make such requirements trivial to deal with xD

*hides her randomly-generated 100-character password that isn't longer simply because the generator only went to 100* more is better? What are you talking about? That's silly.

CandiceJoy wrote: ↑Wed Jan 18, 2023 6:16 am *hides her randomly-generated 100-character password that isn't longer simply because the generator only went to 100* more is better? What are you talking about? That's silly.

More can be better! Though it can be pretty mind-boggling too, 100 characters...

I know I gotta get myself set up with a password manager eventually, but it's really easy to stay stuck in old ways. Someday!

It's good to know I'm not crazy though! ...yet. <3

If you change the password requirements, please also adjust all the referring descriptions.
It still says that the password needs to be between 3 and 20 characters long while, in fact, the minimum is 20 characters.

Ihavequestions wrote: ↑Wed Jan 18, 2023 7:17 am If you change the password requirements, please also adjust all the referring descriptions.
It still says that the password needs to be between 3 and 20 characters long while, in fact, the minimum is 20 characters.

Where are those shown? I'll get them updated

Under Board index > User Control Panel > Profile > Edit account settings. That's the page that is shown to logged-in users automatically when they visit the site.

TheQuickBrownFoxJumpsOverTheLazyDog007!

Ihavequestions wrote: ↑Wed Jan 18, 2023 7:37 am Under Board index > User Control Panel > Profile > Edit account settings. That's the page that is shown to logged-in users automatically when they visit the site.

I think it might be a cache issue or something, it looks right to me ^_^

The most important part of security is availability. If you can't remember the password, it's useless. I recommend BitWarden as a good password manager. You can even self host your own instance, so a bitwarden.zdoom.org is possible lol. Their free plan does basically everything I want it to do. (This is NOT sponsored)

What *actually* is the hard limit for password length? Because I've used to use 255 character long passwords until I noticed certain websites truncating my input and then leaving me locked out because I don't know where the truncation occurred. (PayPal did this to me most notably)

Sometimes less is more.

Rachael wrote: ↑Wed Jan 18, 2023 6:10 am Several people complained so I reduced it. The main purpose of the reset was to get people off of the years-to-decades-old passwords that they had before the new requirements that they simply never changed. I'm always of the belief that "more is better" but sometimes I forget that people aren't nerds like me that have ways of managing passwords that make such requirements trivial to deal with xD

Yeah,so I add another 1234567890 to mypassword. Wooow, such security! On a hobby forum, where I have no vital information, not even a real name!

What about normal password and twofactor authorization?