Resetting a password is about as difficult as breaking into Fort Knox. The timeout after five tries, all the emails, and the steps required are overly complex. Come on folks, this is a forum, not a bank website.
This site is managed by Verticalscope, a company that creates social networks and websites to gather targeted online discussion in high-consumer spending areas like autos.
Verticalscope has been hacked twice in recent history, exposing 45+ million user accounts. While discussion forums don't ask for or store personal data, I think the extra steps are a sign they're doing their part to protect themselves and us from future hacks.
I just learned through experience that your forum password will auto-expire every 365 days and will require you to set a new one to continue further. When you log in, you'll get the following message along with a link to a page to edit your email and/or password:
Your password is 365 days old, and has therefore expired.
Please change your password using this page.
Folks that have been part of the forum more than a year have likely already experienced this, but it caught me by surprise so I wanted to share as a heads-up to others.
You can wait for the alert to happen when you log in, or proactively update your password on your "User CP" (control panel) page in advance.
Luckily for most people, on a private network, personal computer; most browsers offer some sort of auto-fill password system. For those accessing from multiple platforms, apps like OnePassword, are awesome. There are other free alternatives out there as well.
For those of us using MacOS, keychain (if I'm calling it the right thing) not only generates secure (and ridiculously complex) passwords, but also auto saves/updates it across the entire platform.
While I agree that this is tedious for a forum, it's better to never be hacked in the first place, as most people use the same or very similar passwords across multiple sites. No one wants a simple forum hack to lead to compromised banking information due to a shared/similar password.
I use keychain to generate and store my passwords on iOS and MacOS. I will sync some of those passwords with firefox for when I need to use my PC or Android. Apple seems to switch up the algorithm they use to generate passwords from time to time. So I usually update my passwords when I notice newly generated passwords look different to take advantage of the new password generator.
plenty of experts agree that expiring passwords are a great way to encourage passwords to get written down and/or serialized so they are easily guessed.
password policies seem to be terrible every where because every entry level tech has access to password requirement check boxes in the admin console of the systems they are tasked with managing and its an easy CYA. it looks better in company policy documents than the following.
the best passwords are longer diverse passwords which are intuitive to you and then easily remembered and don't need to be altered to conform to a particular sites policy and thus dont need to be shared with a third party password app or written down.