XF 2.1 Welcome to XenForo 2.1 / Assorted improvements

Welcome to XenForo 2.1!

We said there would be something special accompanying the final HYS in this series for XF 2.1, and here it is. This is your first opportunity to help us put the new feature set through its paces.

We also said there would be a number of other miscellaneous changes/improvements to show you, so read on for more 👇
 
Click to expand...
Chris D said:
Password strength checking with zxcvbn

Over the years there has been some desire for us to implement password complexity requirements but, fundamentally, they do not tend to work. They serve as an incredibly frustrating experience and when combined with automatic password expiry it just leads to using the same password over and over with a different number on the end :rolleyes:

In an ideal world, people would all be using password managers such as 1Password or LastPass, but in reality people are still picking (frankly) rubbish passwords in order to make them easier to remember. You might be familiar with the following comic:

password_strength.png

More than anything, simply educating users is the best approach. Most people genuinely have no idea what constitutes a good or strong password, and often they do not think about it.

The above comic pretty much inspired Dropbox to take on the challenge of coming up with a better way of estimating password complexity, and they came up with zxcvbn which we have now implemented in XF 2.1. Whenever a user is faced with an option to choose a new password, they will see this:

As well as a visual indication of the password strength, it also provides a description of why the password you have chosen isn't great:

All in the hope that, one day, they will see sense and use something strong, but easy to remember, like my favourite password:

Click to expand...
While an okay start, password meters are a great way to give you a false sense of security. It would be nice to see XF expand this out to support checking against known breached passwords from Have I Been Pwned Passwords.
 
Notches suck. ;)

Chris D said:
Although there isn't a lot that can be done here for most providers, it does provide a new and consistent UI for developers to add more advanced options for custom two-step verification providers going forward.
Click to expand...
So, it seems as though it would be easy now for an add-on developer to add this for the Google and Microsoft Authenticators.
 
I like the rounded avatar, especially since mine is already adapted for the roundness. 😁

But I know some fuddy-duddy older members who are set in their ways and hate any kind of change. This will have them upset and complaining for years. Hence, a new child theme called, "Here's Your Square Avatars, Along With Everything Else Disabled That You Hate, So You Stop Complaining Already." 🤣 )

XF is looking way more modern now--I'm diggin' it!
 
187284
Rudy said:
But I know some fuddy-duddy older members who are set in their ways and hate any kind of change. This will have them upset and complaining for years. Hence, a new child theme called, "Here's Your Square Avatars, Along With Everything Else Disabled That You Hate, So You Stop Complaining Already." 🤣 )
Click to expand...
Fuddy duddies can do a quick page inspection and disable border-radius for .avatar and then everything's back to sharp-cornered normal ;)
 
Out of all the changes, so far the only one I personally don't like is the last poster avatar in the forum list and I hope it has an option to turn it off. I don't like it for two reasons...

  1. To me it's distracting and not needed.
  2. It adds an HTTP request for each avatar displayed. On larger forums, that could be an issue.
 
Kier said:
Fuddy duddies can do a quick page inspection and disable border-radius for .avatar and then everything's back to sharp-cornered normal ;)
Click to expand...
Some of these are members who can barely figure out how to turn the computer on! I think their world would implode if they displayed the developer options. 😁

BTW, I'm liking the ICODE bb-code addition here.
 
Chris D said:
Famous last words :rolleyes: It looks like we turned it up to 11, instead ;)

But enough talking about XF 2.1 features! Now go out there and break them all, so we can fix them all, so we can release XF 2.1 and then we can start working on XF 2.2 already! :D

Thanks to everyone for their support and we hope you enjoy XF 2.1 :)
Click to expand...

OMG. I cannot wait to get this upgraded today!! It feels like Christmas 🎁
 
HIBP check for hacked passwords would be nice to see added. Its quite a hot issue currently:

fortune.com

Blackmail Scam Uses Passwords to Scare People into Paying Bitcoin. Don't Fall for It.

The perpetrators threaten to release embarrassing videos from supposedly hacked screencams.
fortune.com fortune.com
This scam is causing members to ask for account deletion as my site is about sensitive information. (health related)

Suggestion is here: https://xenforo.com/community/threads/password-check-against-haveibeenpwned-api.132393/
 

Similar threads

Wildcat Media
  • Question Question
XF 1.5 Is there a way to count outgoing email messages?
Replies
0
Views
289
Wildcat Media
Wildcat Media
Vercingetorix
Activity Summary emails are the digital equivalent of junk mail.
Replies
3
Views
1K
Vercingetorix
Vercingetorix
Top Bottom