Subject:
|
Re: New feature: Article rating
|
Newsgroups:
|
lugnet.admin.general
|
Date:
|
Mon, 27 Mar 2000 15:49:09 GMT
|
Highlighted:
|
!
(details)
|
Viewed:
|
1731 times
|
| |
|
|
In lugnet.admin.general, Todd Lehman writes:
> In lugnet.admin.general, Ed Jones writes:
> > I do foresee one possible area that could be a problem (but I could be
> > overreacting) - Auction/Sale/Trade announcements could all end up with a 75
> > rating (the initial 50 and then the poster gives it a 100). This could give
> > a false rating for those announcements.
>
> It'll probably get counter-balanced by people marking some of the more • annoying
> ones down. Anyway, it's up to each individual reader whether or not they wish
> to pay attention to the ratings.
Good point.
>
> > One minor kvetch. Logging in asumes that I know my password (which I don't
> > and have to dig it out each time).
>
> Do you sign in often from a public place such a library?
I sign in from various workstations in various training rooms in 2 different
buildings.
>
> > Is "changing your pasword" in the works?
>
> Thinking more about it -- but it needs to be thought through very carefully.
>
> For example, if people can pick just any old password they want, then there
> has to be some sort of check by the server to make sure that the password
> isn't too insecure. Usually these checks involve scanning a dictionary of
> words and names doing permutations on them, etc. The check has to be able to
> identify double-word as well as single-word problems, for example "giraffe"
> (one word) or "puppydog" (two words) or "boxed" (one word, but also two
> portions of a name).
>
> That's for the user's protection. Secondly, for LUGNET's protection, there
> has to be some way to ensure that people don't use passwords here that they
> might use elsewhere. For example, if someone uses the password "blorkshmork"
> everywhere online, that's bad from LUGNET's point of view, because it opens
> up potential questions or finger-pointing if someone's account on some other
> system ever was compromised. Consider this hypothetical situation: "Someone
> broke into my PayPal account yesterday and took all my money. The only other
> place I use that password is at LUGNET. Not that I particularly suspect
> anyone, but this certainly does raise some questions." From a risk assessment
> point of view, it's imperative to take this possibility under consideration
> and prevent even the possibilty of it happening, if at all possible.
>
> Of course, there are solutions (at least two I can think of so far*):
>
> 1. Allow people to select from several machine-generated passwords and to
> choose a favorite.
>
> 2. Allow people to add an easy-to-remember password of their own choosing
> on top of the main password, and require both passwords in order to be
> fully signed-in. This would allow people to store their main password in
> a main cookie on machines at work, and use the secondary easy-to-remember
> password for quick signing in and signing out whenever they wanted. Thus
> they would only have to remember one short password which someone snooping
> on their machine probably couldn't guess, yet the main password would
> still be there for other security reasons.
>
> --Todd
>
> * I've been thinking about this for more than two years and have still only
> come up with these two solutions.
Until you added Article Rating, the only function a member could perform by
logging in was to edit their profile (if I am correct - I doubt it). Now that
I have a reason to use my password.....
Hmm... actually, if someone wants to hack into LUGNET that badly, the basic
character (language, digits, scrambling, etc.) of their password isn't going to
stop them, as the last rash of major site stoppages demonstrated.
I personally hate generated passwords and change them as soon as possible to
something that has significant meaning only to me.
Perhaps if you required that members create a password that would:
- Only be used for LUGNET
- Not be stored in a cookie
I would certainly have no problem with that. Cookies get deleted/corrupted
anyway (for some reason I have to resubscribe to LUGNET about every 2 weeks
because my cookie gets deleted/corrupted). I would much rather rely on my
memory of my password that a cookie.
Anyway, just food for thought.
|
|
Message has 1 Reply:
 | | Re: New feature: Article rating
|
| (...) This could be a polite request to people, but as Mike Stanley pointed out yesterday, there's technically no way to ensure it 100%. (Which doesn't diminish its desirability, only its effectiveness somewhat.) (...) How would you use your member (...) (24 years ago, 27-Mar-00, to lugnet.admin.general) !
|
Message is in Reply To:
| | Re: New feature: Article rating
|
| (...) It'll probably get counter-balanced by people marking some of the more annoying ones down. Anyway, it's up to each individual reader whether or not they wish to pay attention to the ratings. (...) Do you sign in often from a public place such (...) (24 years ago, 26-Mar-00, to lugnet.admin.general) !
|
309 Messages in This Thread:
(Inline display suppressed due to large size. Click Dots below to view.)
- Entire Thread on One Page:
- Nested:
All | Brief | Compact | Dots
Linear:
All | Brief | Compact
This Message and its Replies on One Page:
- Nested:
All | Brief | Compact | Dots
Linear:
All | Brief | Compact
|
|
|
|
