I don’t agree 100% with that.
A rogue admin is able to bypass at least one important defense mechanism (rate limiting on password tries, because they can do offline attempts if they possess the hash). Dismissing that as unimportant or as not a threat could be considered negligence.
I’m not sure what “Chatgpt hardware” is (other than an attempt to use buzzwords for something completely unrelated) but this table does not include dictionary attacks, which is a real oversight and makes things look harder than they actually are.
- made a pinned topic and another banner explaining about the incident, telling everyone to reset their password and enable 2FA
- enabled 2FA requirement for mods
- advised mods on this attack, and on preventing attacks like this again
Most active users have reset their password, but that's only about like 10% of the forum. I really don’t want to reset everyone’s password, as that will just cause confusion for them if they ever choose to re-log in.
It actually works better than you think. I’ve stopped a number of problem users with it. I find suspension easier to circumvent. Also, why would you not use all available methods to stop further action from this person?