Foundation Requiring Strong Passwords


Shawn Gossman

How do you all feel about requiring that your forum members have strong passwords?

How about enabling features such as mandatory 2FA logins? (Two-Factor)

How about for staff members, especially those who can get into your admin control panels?

Do you think more forum admins need to take something like this issue seriously?
 
I think it's a major restriction on their freedom. However, I think strong passwords are a must for the admin to prevent hacking.

Anyway, I would say strong passwords are good for users, but it's not my loss if they don't use them. It could be their loss.
 
Strong passwords are good for both staff and members, especially when browsers nowadays can generate a very strong password for you.

Mandatory 2FA? No, that can go straight in the bin...
 
If 2FA were an option on the software I used, I would strongly recommend my staff (if I had any) enable it along with having a strong password.

I don't require strong passwords for members, but I would highly advise having a strong password for any account you use.

All I have on the software I use is a security question for the Admin CP, which I do use.
 
Back when I ran forums 10+ years ago, the ability of admins to require strong passwords from members was somewhat limited. If I recall, you could specify minimum password lengths, but that was about it, and obviously people would be annoyed if the minimum was set too high. On the forum I ran that got particularly popular, we had so many password issues that an administrator had to be hired to deal with account recovery and password help requests from members, which was kind of frustrating.

Luckily it seems nowadays that much of this functionality is built into forum software, and 2FA has made things so much easier too. I definitely wouldn't be hiring an admin to solely work on account recovery if I was running a forum nowadays, unless I had literally millions of members!
 
If implemented on an active forum, make it apply to new regs only, and not retroactive.
And then just make a public post/notice about it for current members.
 
InvisionFree was probably the most crack-able forum software I recall. Everyone was always getting their account hacked into. I remember John of Jcink explaining the primary reasons behind that, but I would have to search to find the post.
 
InvisionFree was probably the most crack-able forum software I recall. Everyone was always getting their account hacked into. I remember John of Jcink explaining the primary reasons behind that, but I would have to search to find the post.
Most of the time it was just guessing the password. This was in a time when we weren't aware how important a good password was. So often it was just easy to guess.
 
How do you all feel about requiring that your forum members have strong passwords?
They can have whatever password they want. If they want "password", so be it. Just don't complain when your account is "hacked".

Spamming will be picked up on pretty quickly and the account will be locked, so there are no worries there.
How about enabling features such as mandatory 2FA logins? (Two-Factor)
Only a professional forum (in the works) will require it because it'll have more sensitive information, and only if the team leader requires it of their collaborators.
How about for staff members, especially those who can get into your admin control panels?
I have hard-delete set to NEVER, and that can only be changed one way: Through me, physically, and a passkey. So I have no problem worrying about data loss through the ACP. Good luck getting onto the server to change anything. But, if you do, there are backups in place where some content can be lost, but very minimal.
Do you think more forum admins need to take something like this issue seriously?
Probably only allow people you trust ACP/Admin access and grant them specific privileges within it. I'm unsure about other forum software, but XenForo will let me disallow a moderator from doing anything from managing bans, or an administrator from managing user groups, if those people don't need to.

If I need a 3rd party developer to debug a style, I will only grant them "Manage styles, style properties, and templates" for the time they need, and on a development instance, to port over once it's done. There's no need for them to manage users, etc., if you get the point.
 
