To LUGNET HomepageTo LUGNET News HomepageTo LUGNET Guide Homepage
 Help on Searching
 
Post new message to lugnet.admin.generalOpen lugnet.admin.general in your NNTP NewsreaderTo LUGNET News Traffic PageSign In (Members)
 Administrative / General / 6452
6451  |  6453
Subject: 
 Re: PW validation (was: Re: Opinions wanted: article rating harmful?)
Newsgroups: 
 lugnet.admin.general
Date: 
 Mon, 24 Apr 2000 03:41:39 GMT
Viewed: 
 3479 times
  
I can't believe that Larry posted this twice (accident maybe, maybe not). I
am with Larry on this one.  This is a problem that requires a simple
solution.  Please do not confuse simple with simplistic.  It is a
complicated problem; the solution, while perhaps complicated in it's
synthesis, needs to be simple.  Listen to Larry, he will guide you toward
the light!

Build On!

John Matthews
(It's not my fault that Larry is usually right)


Larry Pieniazek <lar@voyager.net> wrote in message
news:FtHnrw.IM9@lugnet.com...
In lugnet.admin.general, Richard Franks writes:

I'd be happy with a user-responsible password for membership logins (ie • 90% of
membership use including posting privilidges), but with authorisation • through
a
LUGNET-validated password for more intimate services (ie financial).

I wouldn't.

Look. I've read through the plan several times. There is nothing there • that
needs this *insane* level of protection. Nothing. Really.

We are *not* talking missile lanuch codes here, people.

Two levels of passwords is ridiculous. And what is safer, a sort of easy • to
crack password that is memorised, or a hard to crack password that is kept • in a
cookie and written on a sticky and kept in the users wallet? The latter.

Use the checker to tell the user that their password isn't very secure and • that
the system can't be held responsible if someone hacks it and starts • posting
under their name, submitting ratings, or heaven forbid, puts in some bids • or
transfers funds out of their account to another user's account.

Then ask them if they're OK with that and OK with the fact that the system
*isn't* their daddy and isn't going to be able to protect them from every
conceivable thing that could go wrong. Let's get a grip. We are NOT • talking
power plant control codes either.

++Lar



Message has 1 Reply:
  Re: PW validation (was: Re: Opinions wanted: article rating harmful?)
 
(...) It was an accident and I would appreciate the first one being cancelled. There is a difference in phrasing of less than 1% between the first and second, but it's crucial. (...) I appreciate the support but I don't actually agree with John. At (...) (25 years ago, 24-Apr-00, to lugnet.admin.general)  

Message is in Reply To:
  (canceled)
 

309 Messages in This Thread:
(Inline display suppressed due to large size. Click Dots below to view.)
Entire Thread on One Page:
Nested:  All | Brief | Compact | Dots
Linear:  All | Brief | Compact

This Message and its Replies on One Page:
Nested:  All | Brief | Compact | Dots
Linear:  All | Brief | Compact
    
Custom Search

©2005 LUGNET. All rights reserved. - hosted by steinbruch.info GbR