Passwords

Delphi · Post by **Delphi** » Tue Jan 24, 2006 12:42 am

Just a general security issue... Perhaps we should mandate periodical password changes for all people with certain accesses. It could be made automated, done with the push of a button, giving each person truly random passwords, or just done manually by each person (which would unfortunately leave enforcement undoable).

I also plan to talk to Greg Dean about on a similar schedule doing a check of the forum files on the server, and uploading over them. It is possible, if someone got a high enough password, to modify a file on the server and siphon our precious passwords away. If we have Greg Dean replace all files periodically with assuredly "clean" ones, any security breaches would be corrected post haste.

I know some of these things may seem paranoid or overkill, but I wouldn't propose them if I didn't know they could be exploited.

AngelGuardian93 · Post by **AngelGuardian93** » Tue Jan 24, 2006 9:01 am

I agree with Delphi. Codes can be cracked, after all...

Delphi · Post by **Delphi** » Wed Jan 25, 2006 2:03 am

Ok, thanks to some deliberation with Greg Dean, I've evolved the plan. First off, replacing the particular file(s) I'm thinking of can be done automatically with cron jobs. Secondly, I can also have a PHP script run which would change the passwords randomly and send them to the people's emails on a schedule, if we went ahead with that sort of plan.

Kaiseress Semisa I · Post by **Kaiseress Semisa I** » Wed Jan 25, 2006 10:17 am

I'm down with that, as long as the password changingness won't log me out if I'm currently browsing.

Delphi · Post by **Delphi** » Wed Jan 25, 2006 2:20 pm

That's something I'd have to test, but the changes would likely happen at an off-beat time... maybe 6am EST (3am PST), so that the number of people with the high-up accesses who are browsing would be highly limited.

osmose1000 · Post by **osmose1000** » Wed Jan 25, 2006 4:09 pm

We can't just go with passwords like ag80894bqgf0b34hw3iqw80a8h? Damn.

Delphi · Post by **Delphi** » Wed Jan 25, 2006 7:38 pm

Believe me, if this is implemented, the passwords will look something like that. However, no matter how clever, if someone manages to get to a position in which our passwords are given to them basically, what good would a long-ass password do? None.

Delphi · Post by **Delphi** » Sun Jan 29, 2006 4:11 pm

Permission to implement this plan for anyone with access here? I'd basically run a script at a given time every week or so (more or less depending on how we want it), and then it would assign everyone here new passwords and send them via email.

Post by **Shyriath** » Mon Jan 30, 2006 8:50 pm

Changing passwords? Aaagh...

But it is a good idea, nonetheless. I shall sacrifice my love of the constant gladly if it helps national security.

Shireroth

Passwords

Passwords

Who is online