To LUGNET HomepageTo LUGNET News HomepageTo LUGNET Guide Homepage
 Help on Searching
 
Post new message to lugnet.admin.generalOpen lugnet.admin.general in your NNTP NewsreaderTo LUGNET News Traffic PageSign In (Members)
 Administrative / General / 5563
5562  |  5564
Subject: 
Re: New feature: Article rating
Newsgroups: 
lugnet.admin.general
Date: 
Sun, 26 Mar 2000 18:57:06 GMT
Highlighted: 
(details)
Viewed: 
2954 times
  
In lugnet.admin.general, Mike Stanley writes:
On Sun, 26 Mar 2000 16:54:30 GMT, Todd Lehman <lehman@javanet.com>
wrote:

In lugnet.admin.general, Mike Stanley writes:
Yeah, I don't think I've ever "signed in" simply because I can't
bother to keep up with another password I didn't pick.  Once I hear I
can login ONCE with this password I refuse to put any effort into
holding onto or remembering and change it to something I can remember
without effort, I'll do it.  Until then, having a password without the
ability to change it isn't of much value to me.

You can sign in once with your password and stay permanently signed in.

And how secure is that?

I'm sensing that you're dug into this position and are now in Defensive Mode.

Whatever.

Fact is, I use a lot of different machines, not all under my control, sometimes
at a different client each week. Cookies in that context are bad. They're bad
for passwords and bad for the posting authentication process, which I contend
is still broken, lo these many months since I first complained about what a
pain it is.

Todd, you can stop this by saying "tough". Your site, your code. But till then
don't try justifying it as "right". It's not. I have enough HF experience to
know that, and so does Mike.

Lorbaat seems to relish digging in without regard to research so we'll leave
him out of it, but the fact of the matter is that research into human behaviour
tells us that machine generated unchangeable passwords are less safe than
changeable ones and machine generated unchangeable passwords are less user
friendly that user changeable ones. You could look it up. I didn't need to.

That's two strikes. You're out.

Spoken as an architect, not a developer.

PS I found my password. Think I'll go set a cookie on a machine at a NW
worldclub with it and leave myself permanently logged in with lugnet set to the
home page. Just kidding. Or maybe not.

++lar



Message has 2 Replies:
  Re: New feature: Article rating
 
(...) Well, obviously, don't do that on a machine that's not under your control. That's for your home system or your laptop -- whatever you use regularly. (...) No, not dug in, just a bit skeptical and need to think changes through carefully. No (...) (25 years ago, 26-Mar-00, to lugnet.admin.general) ! 
  Re: New feature: Article rating
 
(...) Depends on the location. Clearly, as both you and Mike are capable of pointing out, there are inappropriate places to use that tactic in. That just means there are places you can access Lugnet from that you can't use all the features from, (...) (25 years ago, 26-Mar-00, to lugnet.admin.general)  

Message is in Reply To:
  Re: New feature: Article rating
 
(...) So what do I do when I login at a publicly accessible machine in a lab? What does anyone in a college environment do? People who are lucky enough to have a spouse who reads (and has a membership) at LUGNET but uses the same computer? To be so (...) (25 years ago, 26-Mar-00, to lugnet.admin.general) ! 

309 Messages in This Thread:
(Inline display suppressed due to large size. Click Dots below to view.)
Entire Thread on One Page:
Nested:  All | Brief | Compact | Dots
Linear:  All | Brief | Compact

This Message and its Replies on One Page:
Nested:  All | Brief | Compact | Dots
Linear:  All | Brief | Compact
    

Custom Search

©2005 LUGNET. All rights reserved. - hosted by steinbruch.info GbR