Subject:
|
Re: Automated password appraisal (Re: New feature: Article rating)
|
Newsgroups:
|
lugnet.admin.general
|
Date:
|
Thu, 13 Apr 2000 04:23:52 GMT
|
Viewed:
|
3949 times
|
| |
|
|
In lugnet.admin.general, Matthew Miller writes:
> Todd Lehman <lehman@javanet.com> wrote:
> > http://www.lugnet.com/people/members/pwsa/
>
> Oh, hey, I'd missed this. Two suggestions:
>
> 1. Can you use https for this?
What's involved in setting up an https server? I remember reading once upon
a time (it must've been about 2 years ago) that it could be kind of a mess,
and that connections often took 1 second to authenticate. That would be a
problem for random HTTP requests using cookies, but the password isn't plain-
text there so it's less risky. For a sign-in or a change-password page, it
would be OK if it took a second or two.
> 2. How about a 'passwords submitted aren't logged' privacy statement?
OK.
> Why? 'Cause it's so cool I was instantly tempted into typing in old
> passwords that I no longer use, and was almost tempted into typing in
> passwords _currently_ in use. (And by Larry's posts, I see he was tempted
> too...) Bad. :)
>
>
> Also:
>
> /|\@++|>/|\ = 361% Excellent (PASS)
Do those symbols that supposed to mean something?
--Todd
> :)
>
>
|
|
Message has 1 Reply:
Message is in Reply To:
309 Messages in This Thread:
(Inline display suppressed due to large size. Click Dots below to view.)
- Entire Thread on One Page:
- Nested:
All | Brief | Compact | Dots
Linear:
All | Brief | Compact
This Message and its Replies on One Page:
- Nested:
All | Brief | Compact | Dots
Linear:
All | Brief | Compact
|
|
|
|
