A couple of changes gone live today.
Firstly, I've implemented a password policy to improve account security.
The rules are that your password:
- must be at least eight characters
- must not be a number
- can't contain your name or email address
- must not be an easily guessable word (we check against a database of common passwords).
We aren't forcing users to change their passwords, but if your password doesn't meet this standard then I recommend that you do so!
Secondly, I've added another check to the feedback form to block more spammers.
Unless the person leaving feedback has logged in then they won't be able to add anything that looks like a domain name to the message (we were already blocking anyone adding a full URL, but now it blocks any sort of domain name).
As a followup to the password policy improvements, I've now also implemented a better and more secure password reset method.
If you've forgotten your password and you request a new one, you will be emailed a password reset link that lets you set a new password (which must then comply with the password policy).
The password reset link will stop working after you have set a new password, or after two hours if unused.
I'd be honoured if you used it!
Joe - Voice admin