View Poll Results: Should powweb force you to change your ops password?

Voters
0. You may not vote on this poll
  • Yes. I'm sure there's a point to it. Like the Iraq war.

    0 0%
  • No way. I'm an adult & will change it if I feel it's necessary.

    0 0%
  • No, or at least make it optional.

    0 0%
Results 1 to 19 of 19

Thread: Can't login due to "password change"

  1. #1
    Registered
    Join Date
    Oct 2007
    Location
    Somewhere
    Posts
    7
    Rep Power
    0

    Can't login due to "password change"

    I tried to login to ops today & was told I had to change the password.

    One, I would appreciate being allowed to decide on my own when I want to change the password, not powweb. I don't like being treated like a child. Who does?

    Second, no matter what I typed, it came up "unacceptable" or "weak", even if I followed the instructions (use at least one number...).

    I can't go to "support" without logging in. I can't log in, so here I am, hoping someone with powweb will see this post & give me a hand. If not, I'll call them tomorrow.

    How about the rest of you? Do you like being forced to change your password? Are you able & mature enough to make your own decisions, or need someone else to help you make those decisions? If you think, "Hey, forcing me to change my password is a great idea - I love being told what to do by people who don't know my situation", wouldn't it be better if this was something we could could turn on in ops if we needed a reminder, or leave off if we are capable, competent adults?

  2. #2
    Custom User Title entrecon's Avatar
    Join Date
    Aug 2006
    Location
    Michigan
    Posts
    2,742
    Rep Power
    16
    It is your decision when you are on a dedicated server and control everything. When you are on a shared host where something done to your account impacts hundreds of others it is the responsibility of the host to do their best to protect all of their clients.
    ________________________________
    Find me on twitter: @entrecon

  3. #3
    Just another mook Doc C's Avatar
    Join Date
    Mar 2006
    Location
    Southern CA
    Posts
    5,098
    Rep Power
    20
    And whereas a poll is rather useless on this problem and was written in a rather biased fashion, it's been closed.

    I agree with entrecon. Also I didn't realize that you had to login to make a phonecall to support.
    "You don't really understand human nature
    unless you know why a child on a merry-go-round will wave at his parents every time around
    -- and why his parents will always wave back."

    -William D. Tammeus

  4. #4
    Beta tester
    Join Date
    Jul 2005
    Location
    California
    Posts
    627
    Rep Power
    13

    Try this

    Quote Originally Posted by maecenasaliquam View Post
    ...no matter what I typed, it came up "unacceptable" or "weak", even if I followed the instructions (use at least one number...).
    I know how you feel. The policy where I work forces password resets every 60 days. 10 character minimum (minimum two lower, two upper, two numbers, two special chars).

    People spend ages working out their next password only to find it doesn't meet the standard.

    Try this: QWerty12#$

    Don't copy it, but use a variation. It meets the standard of "very secure" yet is easy to remember.

  5. #5
    Registered
    Join Date
    Oct 2007
    Location
    Somewhere
    Posts
    7
    Rep Power
    0
    Quote Originally Posted by Doc C View Post
    And whereas a poll is rather useless on this problem and was written in a rather biased fashion, it's been closed..
    "Biased", I'll give you. "Useless", I reject. It is never useless for those in power to hear how the powerless feel. Ever.

    Quote Originally Posted by Doc C View Post
    I agree with entrecon.
    See the above. You have power & have stopped my voice. Bravo.

    Quote Originally Posted by Doc C View Post
    Also I didn't realize that you had to login to make a phonecall to support.
    Not to call, but to follow the support link.

    KitBear, thank you. Excellent suggestion. This isn't the best solution, but as long as I'm to be treated as a child, folks like you make them easier to bear.

  6. #6
    Custom User Title entrecon's Avatar
    Join Date
    Aug 2006
    Location
    Michigan
    Posts
    2,742
    Rep Power
    16
    It wasn't your voice that was stopped it was the manner in which you used that was stopped.

    If you look through the forums you will see other threads where there are complaints (mine included). I am not opposed to password changes and having them forced, I am mostly opposed at HOW strict they are making it.
    ________________________________
    Find me on twitter: @entrecon

  7. #7
    YvetteKuhns's Avatar
    Join Date
    Feb 2003
    Location
    Allentown, PA USA
    Posts
    15,244
    Rep Power
    34
    One of my clients (Ian M.) had to change his password. Now it works for OPS after several failed attempts, but he is still unable to FTP. That password has also changed but not to the new OPS password.

    Another client couldn't log into OPS to update his credit card info, so his website was down for a month! I had to change my OPS password yet again and it also changed the FTP password. I don't know why that didn't work for Ian M.

    One, I would appreciate being allowed to decide on my own when I want to change the password, not powweb.
    PowWeb could send a reminder instead of locking customers and their web designers out of accounts. The email gets sent to my clients and not me, so I have to call to change passwords. Some accounts have my email address but most do not. I ask clients not to send passwords via email for their protection, yet PowWeb emails (temporary) passwords to them. They change the passwords and have to call me. That is especially inconvenient when we can't manage to reach each other via phone or Skype.

    It would be nice to change passwords at OUR convenience rather than disrupt customer access and possibly service. I don't mind strong passwords but this is a problem for my clients. If they have to use another computer, they call me for their passwords which I write on a paper (in pencil since they change often). This is annoying and I don't blame people for complaining about it. People are less worried about security when they can't even access their own accounts.

    If I was able to manage all of my clients' accounts from one admin panel (think of the dashboard for Google Webmaster Tools) and login (my own), that would be more convenient. I would have access and can manage databases instead of waiting for a client to get back to me when they discover they can't login. They probably don't read the emails from PowWeb as they are often marked as spam.

    Sorry for the rant. I am for security but not at the cost of access for the customers or web designers who manage the accounts.
    Yvette Kuhns
    Power Pages Web Design
    Customized Internet Advertising Solutions

  8. #8
    Registered
    Join Date
    Oct 2007
    Location
    Somewhere
    Posts
    7
    Rep Power
    0
    Yvette, rant all you want! After all, no one is forced to read it!

    The problem with so many security measures is they generally have a hole in them somewhere big enough to drive a bus through. As an example, airport security (as of several months ago) still doesn't make airline crews go thru the same checks as passengers. Pit crews & baggage handlers, the same.

    To get back strictly to topic, Powweb will send passwords to ops via email, which is not secure, as Yvette has noted.

    Security is fine. The ability to choose our level of security would be better, though, than one applied by the outside.

    entrecon said:
    It is your decision when you are on a dedicated server and control everything. When you are on a shared host where something done to your account impacts hundreds of others
    Could someone provide an example? I'm ignorant, I admit, but it seems to me that the only one I can impact thru ops is myself.

    Oh, and thank you, whoever the powweb god was who got my login working again!

  9. #9
    YvetteKuhns's Avatar
    Join Date
    Feb 2003
    Location
    Allentown, PA USA
    Posts
    15,244
    Rep Power
    34
    One of my clients changed his password and could not login after changing it, because...he used a number instead of a letter for the first character! It had worked for him in the past but not this time. He could not log into OPS to submit a trouble ticket and he didn't call since he is not in the US. I called for him to resolve it. Oddly, his PowWeb forum login stopped working, too! I don't know why THAT happened. He was really having a bad day as was I today.

    For those who DO get an email about the password change, the requirements for the password should be specified. Or maybe they are and I don't know it since I don't always get the emails.
    Yvette Kuhns
    Power Pages Web Design
    Customized Internet Advertising Solutions

  10. #10
    Former Spam Filter (EU) IanS's Avatar
    Join Date
    Mar 2004
    Location
    Washington (THE original UK one!)
    Posts
    12,964
    Rep Power
    30
    The requirements for password change are clearly stated when you make your first attempt to log into OPS after the 'required change' decision by Powweb.

    I don't have a problem with frequent changes, just with remembering the password!
    This is a Powweb customer
    helping Powweb customer forum.

    I am a customer just like you!!

    Some matters can only be answered by staff or support.
    Give it a go - ask here first!

  11. #11
    YvetteKuhns's Avatar
    Join Date
    Feb 2003
    Location
    Allentown, PA USA
    Posts
    15,244
    Rep Power
    34
    I don't have a problem with frequent changes, just with remembering the password!
    I have been typing old passwords lately since they have been changed so often. I have been sick for a few days, so my mind is in a fog. My paranoid nature has me saving passwords on paper instead of the computer.

    I don't know how my clients keep track of their passwords. I think they rely on me for them. Many of them use the same password for everything! One time I created a password that was really strange for that client. She asked why I picked it and I told her that no one she knew would have guessed it for her.

    Many clients are still using the names of their children or pets. Even adding a special character doesn't make the password very strong. Dictionary attacks can try any combination until they are successful, but it would take longer. The logins that only allow a limit of tries before forcing a wait are safer. I think PowWeb was gracious enough to allow ten tries since people now have to use a special character. It is easy to reach the limit when the client and the web designer split the limit to try to guess the new password!
    Yvette Kuhns
    Power Pages Web Design
    Customized Internet Advertising Solutions

  12. #12
    target='_blank' snowmaker's Avatar
    Join Date
    Nov 2002
    Location
    Not in Solomons anymore.
    Posts
    3,442
    Rep Power
    21
    Perhaps this will assist..
    PowWeb's password requirements
    -bruce /* somdcomputerguy */
    'If you change the way you look at things, the things you look at change.'

  13. #13
    YvetteKuhns's Avatar
    Join Date
    Feb 2003
    Location
    Allentown, PA USA
    Posts
    15,244
    Rep Power
    34
    I still don't see where it says the first character must be a letter. I don't know why, but a few of my clients found out the hard way that you cannot start a password with a number. Some people used dates or addresses backwards, I believe. The knowledge base could be updated to specify that.
    Yvette Kuhns
    Power Pages Web Design
    Customized Internet Advertising Solutions

  14. #14
    Former Spam Filter (EU) IanS's Avatar
    Join Date
    Mar 2004
    Location
    Washington (THE original UK one!)
    Posts
    12,964
    Rep Power
    30
    It probably doesn't say it, because that isn't the case!

    My password (until I just changed it) had two numbers as the first two characters, letters, upper-case and lower, and a punctuation character.... it was a strong one!

    So, numbers at the start are allowed therefore any failure to accept the password wasn't due to that 'rule'.
    This is a Powweb customer
    helping Powweb customer forum.

    I am a customer just like you!!

    Some matters can only be answered by staff or support.
    Give it a go - ask here first!

  15. #15
    YvetteKuhns's Avatar
    Join Date
    Feb 2003
    Location
    Allentown, PA USA
    Posts
    15,244
    Rep Power
    34
    The passwords were working with numbers in the front. When we had trouble this time, PowWeb phone support said it was because the password began with three numbers instead of letters. The password had three numbers, an acceptable special character, then 8 letters. Now it has 8 letters, a special character and three numbers.

    When PowWeb asked Ian M. to change his password, he tried upper and lower case letters as well as numbers and a special character, but it didn't work, either. Perhaps the password reset tool is flaky.
    Yvette Kuhns
    Power Pages Web Design
    Customized Internet Advertising Solutions

  16. #16

    Join Date
    Nov 2007
    Location
    London, UK
    Posts
    35
    Rep Power
    0
    Interesting thread. I wasn't aware of the forced password change requirement. It might explain another problem I've just encountered.

    Question. How frequent is this forced password change?

  17. #17
    Former Spam Filter (EU) IanS's Avatar
    Join Date
    Mar 2004
    Location
    Washington (THE original UK one!)
    Posts
    12,964
    Rep Power
    30
    The frequency is 'too often for some, not often enough for others'....

    There is no set frequency to this happening and it usually follows a perceived breach of a number of accounts.
    This is a Powweb customer
    helping Powweb customer forum.

    I am a customer just like you!!

    Some matters can only be answered by staff or support.
    Give it a go - ask here first!

  18. #18
    YvetteKuhns's Avatar
    Join Date
    Feb 2003
    Location
    Allentown, PA USA
    Posts
    15,244
    Rep Power
    34
    Everyone had to change passwords at the end of January last year and again this year. Most of the accounts I manage had to change the passwords again at the end of May or early June. Some places require changes every 90 days and I thought PowWeb was going to start doing that. It is extremely frustrating to clients who only log into their accounts when they need to update their payment information.
    Yvette Kuhns
    Power Pages Web Design
    Customized Internet Advertising Solutions

  19. #19
    Registered
    Join Date
    Feb 2006
    Location
    USA
    Posts
    11
    Rep Power
    0
    This is just another reason I think I will not renew my service here.
    Add this to the email server going down, my site unavailable, and the times when pages are real slow to load...

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •