Subject:
|
Re: New feature: Article rating
|
Newsgroups:
|
lugnet.admin.general
|
Date:
|
Mon, 27 Mar 2000 17:10:34 GMT
|
Highlighted:
|
(details)
|
Viewed:
|
1898 times
|
| |
|
|
In lugnet.admin.general, Larry Pieniazek writes:
> X.com doesn't require anything special about PWs... when you use X you have
> more at risk than at Lugnet (well, your honor and reputation are more at risk
> here if someone starts posting in your name). Doesn't make their lax security
> "right" but there is an appropriate level of effort to put into this, not sure
> what it is yet.
can't someone already post in your name without knowing your password? I
believe all you need to be able to post is your name and email address... heh,
going to test that in a sec.
btw, as far as password choosing and forcing - well, I believe one should be
allowed to set his own password. The people who don't care, or want to
carry/remember the automatic one will not change it, but the people who, for
reasons of their own, want to change it, will. The server could put some
restrictions on the password (say, no less than 5 characters) and should warn
if you choose a bad password (your first name is not a good password)... But
if I want my lugnet password to be a simple one, that means I'm not worried
about it being cracked - my problem, and my problem alone - no?
:)
Dan
|
|
Message is in Reply To:
 | | Re: New feature: Article rating
|
| (...) The argument here is that if you get too restrictive (requiring one non alphanumeric, for example) you cut the set of passwords down far enough that you make brute force attack easier! I tend to favor trying a few quick checks on the pw to see (...) (25 years ago, 27-Mar-00, to lugnet.admin.general)
|
309 Messages in This Thread:
(Inline display suppressed due to large size. Click Dots below to view.)
- Entire Thread on One Page:
- Nested:
All | Brief | Compact | Dots
Linear:
All | Brief | Compact
|
|
|
|
