- Messages
- 3,455
Prior to today, members with an insecure account password were required to click a link in an email sent to them every time they went to log in.
This was required even if they had not enabled two-step login. Effectively they were forced to use two-step login.
The system required this because it could tell their password was insecure, and so it did not trust their password alone to be enough to identify them.
This extra security protected member accounts against takeover attempts.
Today, I've gone through and set all accounts that were flagged as having a bad password, to require a password change.
Assuming these members update their passwords to something better, they'll no longer be forced to use two-step login.
So, if you've been forced to click an emailed link in the past to log in, and got a required password change today, this is why.
If you need help with remembering, storing, or generating secure passwords, I recommend the use of the (free) tool: https://bitwarden.com/
This was required even if they had not enabled two-step login. Effectively they were forced to use two-step login.
The system required this because it could tell their password was insecure, and so it did not trust their password alone to be enough to identify them.
This extra security protected member accounts against takeover attempts.
Today, I've gone through and set all accounts that were flagged as having a bad password, to require a password change.
Assuming these members update their passwords to something better, they'll no longer be forced to use two-step login.
So, if you've been forced to click an emailed link in the past to log in, and got a required password change today, this is why.
If you need help with remembering, storing, or generating secure passwords, I recommend the use of the (free) tool: https://bitwarden.com/