What is the point of the 30 day timeout on authenticated logins?

BruceVC

Magister
Joined
Jul 25, 2011
Messages
8,058
Location
South Africa, Cape Town
Taluntain DarkUnderlord seriously guys, how does making us enter the authentication code every 30 days improve security?

If you're worried about an attacker getting hold of an old computer that has an active Codex login, having logins time out after 30 days of inactivity would be just as effective, and not be a constant annoyance for active users.
Most 2FA has an expiry period, they could set it for less but that would create more drama.
But the reason it's done is the same reason it's implemented. Security reasons, it's the same reason you should change your password regularly and not use a cached password, but who ever does that?
 

Stavrophore

Most trustworthy slavic man
Patron
Vatnik
Joined
Aug 17, 2016
Messages
12,869
Location
don't identify with EU-NPC land
Strap Yourselves In
Taluntain DarkUnderlord seriously guys, how does making us enter the authentication code every 30 days improve security?

If you're worried about an attacker getting hold of an old computer that has an active Codex login, having logins time out after 30 days of inactivity would be just as effective, and not be a constant annoyance for active users.

It's to make sure that after you pass away from STD induced anus cancer, your father won't shitpost on this site.
 

Spectacle

Arcane
Patron
Joined
May 25, 2006
Messages
8,363
Most 2FA has an expiry period, they could set it for less but that would create more drama.
But the reason it's done is the same reason it's implemented. Security reasons, it's the same reason you should change your password regularly and not use a cached password, but who ever does that?
Nobody who knows what they are talking about advocates for password expiry anymore. Expiring passwords worsens security rather than increasing it. Sadly there are still a lot of organizations who are stuck in bad, obsolete security practices that still mandate regular password changes.
 

BruceVC

Magister
Joined
Jul 25, 2011
Messages
8,058
Location
South Africa, Cape Town
Most 2FA has an expiry period, they could set it for less but that would create more drama.
But the reason it's done is the same reason it's implemented. Security reasons, it's the same reason you should change your password regularly and not use a cached password, but who ever does that?
Nobody who knows what they are talking about advocates for password expiry anymore. Expiring passwords worsens security rather than increasing it. Sadly there are still a lot of organizations who are stuck in bad, obsolete security practices that still mandate regular password changes.
What do you suggest as a viable alternative to passwords and password expiry? I am advocating for password expiry and MFA, but nothing is perfect.

Here is a link that discusses this, and even the alternatives, which make sense, have resource and implementation challenges, like biometrics, in non-first-world countries.

https://www.forgerock.com/blog/6-wa...zon 2023,for the modern, interconnected world.
 
Joined
Dec 18, 2022
Messages
1,768
Location
Vareš
Codex+ Now Streaming! Enjoy the Revolution! Another revolution around the sun that is.
Most 2FA has an expiry period, they could set it for less but that would create more drama.
But the reason it's done is the same reason it's implemented. Security reasons, it's the same reason you should change your password regularly and not use a cached password, but who ever does that?
Nobody who knows what they are talking about advocates for password expiry anymore. Expiring passwords worsens security rather than increasing it. Sadly there are still a lot of organizations who are stuck in bad, obsolete security practices that still mandate regular password changes.
What do you suggest as a viable alternative to passwords and password expiry? I am advocating for password expiry and MFA, but nothing is perfect.

Here is a link that discusses this, and even the alternatives, which make sense, have resource and implementation challenges, like biometrics, in non-first-world countries.

https://www.forgerock.com/blog/6-ways-passwords-can-be-stolen-and-how-passwordless-can-stop-them-all#:~:text=According to the Verizon 2023,for the modern, interconnected world.
It's a shitty forum, you don't need any of this just because a select few idiots got themselves hacked. Especially fun when having multiple different devices so I have to do this shit on all of them. I spend more time doing shit for the Codex than I do getting into my own bank.
 

Spectacle

Arcane
Patron
Joined
May 25, 2006
Messages
8,363
Most 2FA has an expiry period, they could set it for less but that would create more drama.
But the reason it's done is the same reason it's implemented. Security reasons, it's the same reason you should change your password regularly and not use a cached password, but who ever does that?
Nobody who knows what they are talking about advocates for password expiry anymore. Expiring passwords worsens security rather than increasing it. Sadly there are still a lot of organizations who are stuck in bad, obsolete security practices that still mandate regular password changes.
What do you suggest as a viable alternative to passwords and password expiry? I am advocating for password expiry and MFA, but nothing is perfect.

Here is a link that discusses this, and even the alternatives, which make sense, have resource and implementation challenges, like biometrics, in non-first-world countries.

https://www.forgerock.com/blog/6-ways-passwords-can-be-stolen-and-how-passwordless-can-stop-them-all#:~:text=According to the Verizon 2023,for the modern, interconnected world.
Passwords that don't expire combined with 2FA seems to work reasonably well.
 

BruceVC

Magister
Joined
Jul 25, 2011
Messages
8,058
Location
South Africa, Cape Town
Most 2FA has an expiry period, they could set it for less but that would create more drama.
But the reason it's done is the same reason it's implemented. Security reasons, it's the same reason you should change your password regularly and not use a cached password, but who ever does that?
Nobody who knows what they are talking about advocates for password expiry anymore. Expiring passwords worsens security rather than increasing it. Sadly there are still a lot of organizations who are stuck in bad, obsolete security practices that still mandate regular password changes.
What do you suggest as a viable alternative to passwords and password expiry? I am advocating for password expiry and MFA, but nothing is perfect.

Here is a link that discusses this, and even the alternatives, which make sense, have resource and implementation challenges, like biometrics, in non-first-world countries.

https://www.forgerock.com/blog/6-ways-passwords-can-be-stolen-and-how-passwordless-can-stop-them-all#:~:text=According to the Verizon 2023,for the modern, interconnected world.
It's a shitty forum, you don't need any of this just because a select few idiots got themselves hacked. Especially fun when having multiple different devices so I have to do this shit on all of them. I spend more time doing shit for the Codex than I do getting into my own bank.
I find it hard to believe that you are spending longer than 5 minutes on Codex with your 2FA every month.

Once it's configured it works, it asks for a new password every 30 days. It has given me no problems, you just have to have cookies enabled and you can do that just for Codex. Most browsers allow you to do that if you have an issue with enabling cookies.
 

King Crispy

Too bad I have no queen.
Patron
Staff Member
Joined
Feb 16, 2008
Messages
1,876,692
Location
Future Wasteland
Strap Yourselves In
I'll explain that if you can first explain to me what the purpose of the 30 day timeout is, and how it achieves that purpose.
Okay, but... you just advocated for a 30-day "timeout" period in your original post! Huh?

Renewing the security certificate via 2FA every thirty days further discourages malicious actors from attempting to steal accounts by guessing their passwords, being handed an account by some butthurt user, or other possibilities, by requiring a second factor (email or cell phone) not just a single time but on a regular basis.
 

King Crispy

Too bad I have no queen.
Patron
Staff Member
Joined
Feb 16, 2008
Messages
1,876,692
Location
Future Wasteland
Strap Yourselves In
It's a shitty forum, you don't need any of this just because a select few idiots got themselves hacked.
It's your right to characterize this as a shitty forum (which you actually paid real money to be a part of, by the way) but you probably don't realize the real headache that relatively recently stolen accounts caused for the administration of said shitty forum. It resulted in a serious glitch in the forum's database which had to be meticulously repaired (which I'm sure you simply don't care about).

If it weren't for our resident Polish web janitor's skills, we'd probably still have bizarre delays, entirely broken threads and all sorts of other nastiness.
 
Joined
Dec 18, 2022
Messages
1,768
Location
Vareš
Codex+ Now Streaming! Enjoy the Revolution! Another revolution around the sun that is.
It's a shitty forum, you don't need any of this just because a select few idiots got themselves hacked.
It's your right to characterize this as a shitty forum (which you actually paid real money to be a part of, by the way) but you probably don't realize the real headache that relatively recently stolen accounts caused for the administration of said shitty forum. It resulted in a serious glitch in the forum's database which had to be meticulously repaired (which I'm sure you simply don't care about).

If it weren't for our resident Polish web janitor's skills, we'd probably still have bizarre delays, entirely broken threads and all sorts of other nastiness.
Yeah, deleting posts. The same thing that Taluntain said can be mitigated by just restricting how many posts you can delete in a specific time frame.
 

CHEMS

Scholar
Joined
Nov 17, 2020
Messages
1,509
I only access the Codex on a computer in my dingy basement, its sole purpose is posting on the Codex.

I fear nothing, they should fear me.
 

Spectacle

Arcane
Patron
Joined
May 25, 2006
Messages
8,363
I'll explain that if you can first explain to me what the purpose of the 30 day timeout is, and how it achieves that purpose.
Okay, but... you just advocated for a 30-day "timeout" period in your original post! Huh?

Renewing the security certificate via 2FA every thirty days further discourages malicious actors from attempting to steal accounts by guessing their passwords, being handed an account by some butthurt user, or other possibilities, by requiring a second factor (email or cell phone) not just a single time but on a regular basis.
30 days after no activity, to prevent anyone from exploiting an active login on an abandoned device, which is the only situation where any kind of automatic timeout makes sense. If a hacker can get past the 2FA once then he can most likely get past it multiple times.

2FA with timeouts after a period of inactivity is how sites like Google and Steam do it. Does the Codex really need to be more restrictive than that?
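
The two policies argued over in this thread, a fixed 30-day lifetime counted from the last 2FA entry versus a 30-day window that slides with activity, compared side by side as an added example that is not part of any post or of the forum's software. The class, function and scenario names are hypothetical and the visit patterns are constructed.

```python
from dataclasses import dataclass

WINDOW_DAYS = 30  # the 30-day figure discussed in the thread


@dataclass
class TrustedDevice:
    verified_day: int   # day the 2FA code was last entered on this device
    last_seen_day: int  # day of the last authenticated request


def needs_2fa(dev: TrustedDevice, today: int, policy: str) -> bool:
    """True when the device must enter a fresh 2FA code."""
    if policy == "absolute":  # fixed lifetime counted from the last 2FA
        return today - dev.verified_day >= WINDOW_DAYS
    if policy == "idle":      # sliding window counted from the last activity
        return today - dev.last_seen_day >= WINDOW_DAYS
    raise ValueError(f"unknown policy: {policy}")


def simulate(visit_days, policy, pickup_day):
    """Replay visits from one device that passed 2FA on day 0.

    Returns (prompts shown during the visits,
             whether someone opening the device on pickup_day is challenged).
    """
    dev = TrustedDevice(verified_day=0, last_seen_day=0)
    prompts = 0
    for day in sorted(visit_days):
        if needs_2fa(dev, day, policy):
            prompts += 1
            dev.verified_day = day  # the user entered the code again
        dev.last_seen_day = day
    return prompts, needs_2fa(dev, pickup_day, policy)


# Constructed scenarios (assumptions, not data from the forum)
DAILY_USER = range(1, 91)  # visits every day for 90 days
ABANDONED = range(1, 11)   # used for 10 days, then left untouched

if __name__ == "__main__":
    for name, visits, pickup in (("daily user", DAILY_USER, 91),
                                 ("abandoned device", ABANDONED, 45)):
        for policy in ("absolute", "idle"):
            print(name, policy, simulate(visits, policy, pickup))
```

Both policies challenge the abandoned device, and only the fixed lifetime prompts the daily user. The sliding window also never challenges a cookie that stays in continuous use, whoever holds it, which is the case a fixed lifetime bounds.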
 

grimace

Arcane
Joined
Jan 17, 2015
Messages
1,988
Level up our cybersecurity skills, fight against spam, highlight incline, mock decline.
 
