Posted on 03/16/2025 6:09:41 AM PDT by Lazamataz
No, don’t support that.
Let’s just say I know of types of accounts requiring a login every 30 days or they become deactivated. It’s a PITA!
Thanks, but I have been called a fanciest. This really has shaken me. I have never ONCE advocated for fanciestism. It goes against EVERYTHING I stand for!
Technically, it's a breeze. When you issue a cert or a cookie, you can easily put in a time-limit on it.
Logging in every 30 days or so is pretty easy, especially if you allow Edge, Chrome, or MS Password Manager to auto-fill your password.
Or even worse, maybe I call out from my car to another, if they have any Grey Poupon mustard.
(shudder)
Can’t say as I disagree.
But this would explain a LOT of what’s been happening on FR to cause it to deteriorate.
Back decades ago, when Free Republic was at its most popular (during the Clinton years) with thousands of people posting here, Democratic Underground members would create accounts. I think they had 100s of accounts made just to post their swill even though they knew they’d quickly get banned.
The leftists would come here, post leftist bile and try to stir up trouble. Moderators would “zot” them pretty fast, but then another would show up. It became a contest to see how fast their accounts could be banned. So, there are a lot of accounts from the late 90s and early 2000s that still belong to those people.
I think a few of the Democrat underground old-timers still have a list of those old accounts and occasionally use them just for fun. Think of blue-haired sixty-year-old women who never were married and now just have a house full of cats and empty wine boxes, with nothing much to do, and you’ll recognize who I’m talking about.
Certainly there are those, but I'm concerned by the people who were solid conservatives who suddenly change.
And I'm MOST concerned about the very easy way passwords can be cracked.
I have noticed several names posting I didn’t recognize. When I ping the name it is a long time account that hasn’t posted in 10 or 12 years. It makes me wonder.
Perhaps accounts that are inactive for five years should be sent an email and if no response is received then deactivated.
Worthy of consideration.
You just entered taboo territory Laz. You may have opened a can of worms.
I have been very cautiously mentioning it for a couple years now hoping the hints would produce transparency. The most popular years seem to be 1998 and 2003 accounts.
There are two possibilities. And neither is hacking... There are several of us watching this for a while now.
How do I know? Because at least ONE current active member would have been hacked by accident which would have exposed the fact accounts were being hacked a long time ago.
What I am talking about is containerized.
Thus, my post.
Perhaps accounts that are inactive for five years should be sent an email and if no response is received then deactivated.
This would require significantly more programming. My three suggestions would be far easier to code and plug 90 percent of the security concerns.
Many websites/services require passwords have at least 8 characters with one number, one upper case letter and one special character. I don’t know if there are any specs for passwords here.
Mine’s pretty short so I should change it. Can do that here — https://freerepublic.com/perl/edit-account
One issue might be that the things you mention are fairly recent and you can probably download a library or find a drop-in but maybe not in Perl.
Two-factor auth with text sent to phone requires SMS sending ability which would likely have to be paid SaaS.
Also, some people don’t have a cell phone.
I just logged into Indeed and they send a 6-digit login code via email so that might be a better option. They send it as text in the email but also show my device, IP address and location so that probably has to match what the login page sniffed out when I plugged in my email address. There’s usually a time limit on using the code too.
Then there’s the check-the-box for “Are you human?” Might be a strictly Google service thing.
When I go through my VPN, Facebook makes me type in the code from an ugly obscured image on a secondary login page so that’s another method but I don’t know what it entails.
One 2FA login method for my bank will call my home phone and then I hit 1 and get logged in but I’m sure that would be SaaS.
Many forgot-password systems give you a magic reset password link, usually with a time limit for use, that takes you to a page to enter a new password and then makes you log in after resetting it.
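An added example, not part of any post in this thread and not Free Republic's code: a Python version of the e-mailed 6-digit login code and the timed reset link described in the comments above, with expiry, single use and a guess limit. The class name, the 10-minute lifetime, the attempt limit and the in-memory store are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time


class LoginCodes:
    """Pending one-time codes, kept in memory here (assumption: a real
    site would keep them in its account database)."""

    def __init__(self, ttl=600, max_attempts=5):
        self.ttl = ttl                    # seconds a code stays valid
        self.max_attempts = max_attempts  # guesses allowed per code
        self._pending = {}  # account -> [sha256(code), expires_at, attempts_left]

    def issue(self, account, now=None, link=False):
        """Create a code for `account`, replacing any earlier one.
        link=False: 6-digit code typed in by the user.
        link=True: long random token to embed in a reset URL."""
        now = time.time() if now is None else now
        if link:
            code = secrets.token_urlsafe(32)
        else:
            code = f"{secrets.randbelow(10**6):06d}"
        # Only a hash is stored, so a leaked table does not reveal live codes.
        digest = hashlib.sha256(code.encode()).digest()
        self._pending[account] = [digest, now + self.ttl, self.max_attempts]
        return code  # goes into the e-mail body, never into a log

    def verify(self, account, code, now=None):
        """True only for the current, unexpired, unused code."""
        now = time.time() if now is None else now
        entry = self._pending.get(account)
        if entry is None:
            return False
        digest, expires_at, attempts_left = entry
        if now > expires_at or attempts_left <= 0:
            del self._pending[account]  # expired or guessed too often
            return False
        entry[2] -= 1  # every try counts, which is what protects 6 digits
        supplied = hashlib.sha256(code.encode()).digest()
        if hmac.compare_digest(digest, supplied):
            del self._pending[account]  # single use
            return True
        return False
```

The guess limit matters more than the time limit for the 6-digit form: without it, the one million possible codes can be tried well inside a 10-minute window.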
How do we know that HASN'T happened? We would never see the fallout.
I would not provide a phone number.
Instead, I prefer using my e-mail address for receiving an authenticating link . . . that I can copy from the e-mail message sent from FR, and paste into the URL address field of my Internet browser.
The resulting FR webpage would be where I then enter my password and click “OK”.
Meanwhile, the chances for sign-on difficulties would increase, and require greater expenses to maintain around-the-clock administration of the 2-factor sign-on.
I submit that they were never Conservative in the first place.
Exactly!!
🙃
“Your attention to the matter is much appreciated, as are your links directly to FR management; my online presence is restricted solely to FR and this vulnerability should both not be a complex implementation and be explored immediately.”
That was a hit-n-run comment while scrolling.
Check Freepmail.
I’m not sure what you mean. Like a Docker container? Don’t see how that would help anything.