Subject:
|
Re: PW validation (was: Re: Opinions wanted: article rating harmful?)
|
Newsgroups:
|
lugnet.admin.general
|
Date:
|
Sun, 23 Apr 2000 17:35:33 GMT
|
Viewed:
|
3142 times
|
| |
|
|
Todd Lehman skrev i meddelandet ...
> In lugnet.admin.general, Larry Pieniazek writes:
> > So are you going to enforce that people HAVE to set their passwords to
> > things that the validator feels don't suck,
>
> That is its purpose.
I think that's unwise (to _force_ people to use an acknowledged pw). Two
reasons:
- one cannot choose a password that is easy to remember --> it will be written
down in some easy accessible place.
- by disallowing some passwords, you are limiting the number of possible
passwords, i.e. you are making a brute force attack easier.
- the refutation of a password makes the customer irritated, especially if
there's no _obvious_ (to the customer) reason.
Test for a minimum length, and force a mix of letters (upper and lower case)
and numbers/special characters, and it will be good enough.
[OK, that was three things, but who said I can count?]
--
Anders Isaksson, Sweden
BlockCAD: http://user.tninet.se/~hbh828t/proglego.htm
Gallery: http://user.tninet.se/~hbh828t/gallery.htm
|
|
Message has 1 Reply:
Message is in Reply To:
309 Messages in This Thread:
(Inline display suppressed due to large size. Click Dots below to view.)
- Entire Thread on One Page:
- Nested:
All | Brief | Compact | Dots
Linear:
All | Brief | Compact
This Message and its Replies on One Page:
- Nested:
All | Brief | Compact | Dots
Linear:
All | Brief | Compact
|
|
|
|
