Subject: Re: PW validation (was: Re: Opinions wanted: article rating harmful?)
Newsgroups: lugnet.admin.general
Date: Sun, 23 Apr 2000 21:31:27 GMT
Viewed: 3378 times

In lugnet.admin.general, Richard Franks writes:
> I'd be happy with a user-responsible password for membership logins (i.e. 90% of
> membership use including posting privileges), but with authorisation through a
> LUGNET-validated password for more intimate services (i.e. financial).

I wouldn't.

Look. I've read through the plan several times. There is nothing there that
needs this *insane* level of protection. Nothing. Really.

We are *not* talking missile launch codes here, people.

Two levels of passwords is ridiculous. And what is safer, a sort of easy to
crack password that is memorised, or a hard to crack password that is kept in a
cookie and written on a sticky and kept in the user's wallet? The latter?
Hardly!

Use the checker to tell the user that their password isn't very secure and that
the system can't be held responsible if someone hacks it and starts posting
under their name, submitting ratings, or heaven forbid, puts in some bids or
transfers funds out of their account to another user's account.

Then ask them if they're OK with that and OK with the fact that the system
*isn't* their daddy and isn't going to be able to protect them from every
conceivable thing that could go wrong. Let's get a grip. We are NOT talking
power plant control codes either.

++Lar