• Welcome back Guest!

    MARSH is a private reefing group. Comments and suggestions are encouraged, but please keep them positive and constructive. Negative threads, posts, or attacks will be removed from view and reviewed by the staff. Continually disruptive, argumentative, or flagrant rule breakers may be suspended or banned.

Passwords (1 Viewer)

Users who are viewing this thread

Total: 2 (members: 0, guests: 2)
Status
Not open for further replies.
d2mini

d2mini

Guest
Joined
Sep 9, 2008
Messages
3,336
Reaction score
24
Location
Houston
Can we please get rid of the new password every 90 days thing?!
So annoying!!! :smash:
 
LSUFireGal

LSUFireGal

1
Joined
Dec 26, 2012
Messages
758
Reaction score
0
Location
Houston, Texas, United States
Yes!!! I have locked myself out so many times because once you save your password on a device it tries to automatically log you in and it says you have entered the wrong password. The app is the worst about it. #1 there is no way to reset the password from the app. #2 once you save your log in there is no way to enter a new password, you have to delete MARSH from your accounts and then add it back.

Sent from my SCH-I545 using Tapatalk 2
 
Last edited:
steveb

steveb

Staff member
Administrator
Moderator
Board Member
Build Thread Contributor
Joined
Jun 24, 2009
Messages
11,953
Reaction score
2,856
Location
Spring
LSUFireGal said:
Yes!!! I have locked myself out so many times because once you save your password on a device it tries to automatically log you in and it says you have entered the wrong password. The app is the worst about it. #1 there is no way to reset the password from the app. #2 once you save your log in there is no way to enter a new password, you have to delete MARSH from your accounts and then add it back.

Sent from my SCH-I545 using Tapatalk 2
Click to expand...

That sounds like a tapatalk issue not a MARSH problem. Have you put in an enhancement request to them? Kinda stupid to have to un-install the app to change the password.
 
OP
OP
d2mini

d2mini

Guest
Joined
Sep 9, 2008
Messages
3,336
Reaction score
24
Location
Houston
Why even have it at all?
There is no other forum that I know of that does this.
And between cars, reef, bicycles, motorcycles, and other stuff, i've been on A LOT. ;)
 
steveb

steveb

Staff member
Administrator
Moderator
Board Member
Build Thread Contributor
Joined
Jun 24, 2009
Messages
11,953
Reaction score
2,856
Location
Spring
d2mini said:
Why even have it at all?
There is no other forum that I know of that does this.
And between cars, reef, bicycles, motorcycles, and other stuff, i've been on A LOT. ;)
Click to expand...

Well the short of it is that every password that NEVER gets changed becomes a vector for compromise. Maybe 90 days is too short but I disagree very strongly with the notion of "never" changing out of convenience. I work in IT systems and system security is something I have spent a LOT of hours working with, and yes I realize this is a forum.
 
LSUFireGal

LSUFireGal

1
Joined
Dec 26, 2012
Messages
758
Reaction score
0
Location
Houston, Texas, United States
steveb said:
That sounds like a tapatalk issue not a MARSH problem. Have you put in an enhancement request to them? Kinda stupid to have to un-install the app to change the password.
Click to expand...

I don't have to delete the app, I have to delete MARSH from the list of accounts I use on Tapatalk. I did ask them about it. Their advice was to stop changing my password.

Sent from my SCH-I545 using Tapatalk 2
 
steveb

steveb

Staff member
Administrator
Moderator
Board Member
Build Thread Contributor
Joined
Jun 24, 2009
Messages
11,953
Reaction score
2,856
Location
Spring
LSUFireGal said:
I don't have to delete the app, I have to delete MARSH from the list of accounts I use on Tapatalk. I did ask them about it. Their advice was to stop changing my password.

Sent from my SCH-I545 using Tapatalk 2
Click to expand...

Still stupid and short sited on their part.
 
trb

trb

Guest
Joined
Aug 21, 2009
Messages
1,488
Reaction score
3
Location
NW Houston
Yes, it is annoying, especially when I don't remember what my password is! I've had to have John and Mark reset mine a couple of times. I know after the first time, John put up the "Forgot Password" option on the main page, so I used that the next 2 or 3 times. But this last time it was not there, so Mark had to reset it.
 
hankintexas

hankintexas

Guest
Joined
Mar 15, 2011
Messages
112
Reaction score
0
Location
Sugar Land, TX
I use about 5 different passwords every day at work for different programs, all day long. Some are only good for 30 days and must be changed. No two passwords can be similar and none of them can be a word found in a dictionary.
The above said, it is needed for my line of work. This is a recreational website / forum. Semi annual or annual should be plenty. It is aggravating to be locked out due to a password. At the very least, a daily email starting 14 days in advance would encourage members to log in and make changes before they are locked out. Just my opinion.
 
Mark L.

Mark L.

Moved On
Joined
Oct 8, 2010
Messages
7,532
Reaction score
0
Location
The Woodlands
As an organization we need to take a step back and evaluate the situation. What type of information is compromised if we relax the password requirements for members and guests.

Risk vs Reward. If there is no risk them you can be rewarded.

Consider someone logs into your MARSH account without your knowledge. What all can they corrupt without you knowing? What personal info can they obtain? If you all can review your user account and feel comfortable someone couldn't do any real damage to you personally then maybe we can relax the requirements.

For us BODS/MODS we have access to features on the board that can have real consequences if our accounts are compromised. The users?
 
G

gm357

Supporting Member
Joined
Mar 5, 2010
Messages
174
Reaction score
105
Location
249 @ Beltway 8
The password thing is cool. 90 days is pretty short though. I have 4 passwords at work and if compromised could shut down many many organizations including the ones most of you guys use daily. Still it's longer than 90 days and includes a 2 week notification to change.

Let's put things in perspective here. I wouldn't suggest throw it out the window. Just lessen the drama when we're require to change it. Hope this helps.
 
LSUFireGal

LSUFireGal

1
Joined
Dec 26, 2012
Messages
758
Reaction score
0
Location
Houston, Texas, United States
Having just had a scare myself I think not much is at risk that isn't posted publicly anyway. Maybe addresses and phone numbers in my PMs but not much else. If someone who knows what they are doing wants in they will get it regardless of how often passwords are changed. I think the real risk is when you have your password saved on a device and you lose it or someone is using it without your knowledge and changing passwords every 90 days won't stop their immediate access.

I agree BODs and MODs and anyone else who could modify the site has more risk. I think if it can be applied to only those members we can be better served. I know a lot of people come back after some time and have trouble getting back in. Sometimes the just make a new name, but others might get discouraged and not cone back.

Sent from my SCH-I545 using Tapatalk 2
 
OP
OP
d2mini

d2mini

Guest
Joined
Sep 9, 2008
Messages
3,336
Reaction score
24
Location
Houston
gm357 said:
Let's put things in perspective here. I wouldn't suggest throw it out the window.
Click to expand...

I would. :lol:

Seriously… if someone really wants to post on Marsh as d2mini, more power to them. :thumb:
 
hankintexas

hankintexas

Guest
Joined
Mar 15, 2011
Messages
112
Reaction score
0
Location
Sugar Land, TX
I would keep a password requirement. Just give an alert at least 10 days in advance and increase the changes to 6 months to a year.
 
Status
Not open for further replies.
Top