Passwords: does size matter, what characters?
Ted Roche
tedroche at tedroche.com
Fri Mar 10 08:06:01 EST 2006
On Mar 9, 2006, at 8:28 PM, Jason Stephenson wrote:
> I get frustrated with sites that won't accept punctuation.
Yup. It's as if they are saying they only want easy-to-crack
passwords used on their site.
> If you're storing these in a database for web site authentication
> purposes, then you'll probably want to store a hash of the password
> and not the actual password.
Yep, doing that already. No unsafe stuff that can be read in an SQL
dump.
> The other option is to use normal HTTP authentication and let
> htpasswd (if you're using Apache) manage the passwords for you.
Hmm. That's an obvious option I didn't consider.
> Anyway, that's about all I can think of that you haven't mentioned.
> I wouldn't impose too many restrictions on their input, but I
> wouldn't allow Joes (the user name as the password), and would
> probably require a minimum of 6 characters. Other than that, I'd
> let them enter what they will.
Thanks!
Ted Roche
Ted Roche & Associates, LLC
http://www.tedroche.com
More information about the gnhlug-discuss
mailing list