[ale] OT: password gripe

adam prozaconstilts at gmail.com
Thu Dec 31 09:12:42 EST 2009


Nah, it's just that way 'cause someone doesn't know how to escape special 
characters when they string compare your typed-in password w/ the 
plaintext they keep in the database.

Adam

Richard Bronosky wrote:
> What you are complaining about is companies not allowing strong
> passwords. I agree, that is crazy. The internet standard is to hash a
> user's password with their name (unique to the user) and a salt (unique
> to the site) and store only the hash making password recovery
> impossible, only password reset. So, the only reason to not accept
> punctuation in a password is a) if your hashing algorithm can't handle
> it, or b) if your language/framework can't be trusted to protect
> against code injection. In most cases I would bet that b is in play
> and MSFT is in the application layer.
> 
> The other side of the coin is companies who come up with insane
> strength requirements. Of all of the best measures they put in place
> to force users to create good passwords, they have no power over the
> quality of your email password. And pwning someone's email gives you
> the power to reset any password.
> 
> On 12/31/09, Geoffrey <lists at serioustechnology.com> wrote:
>> <rant>
>> I do my best to create good passwords.  I'm continuing to find various
>> companies that I do business with, restricting the character set for
>> passwords and/or length.  This drives me nuts because all my passwords
>> contain a combination of alphanumeric and punctuation AND long.  I'm
>> continuing to find companies who do not permit punctuation in a
>> password.  I just don't get it?  Do they not understand that they are
>> reducing the security of a password by restricting the character set?
>>
>> I called support for one company and they told me it was an 'internet
>> standard.'  I told them they were full of crap.
>>
>> What am I missing here?  Can anyone give me a good reason for such a
>> policy????
>> </rant>
>>
>> --
>> Until later, Geoffrey
>>
>> "I predict future happiness for America if they can prevent
>> the government from wasting the labors of the people under
>> the pretense of taking care of them."
>> - Thomas Jefferson
>>
> 
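
An added example, not part of the original thread: the plaintext string-compare pattern described in the reply, beside a salted-hash check that accepts any punctuation. The table layout, function names and iteration count are assumptions, and it uses a random per-user salt with PBKDF2 rather than the name-plus-site-salt scheme mentioned in the quoted message.

```python
import hashlib, hmac, os, sqlite3

ITERATIONS = 200_000  # PBKDF2 work factor; assumed value for this example

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE legacy (name TEXT PRIMARY KEY, password TEXT)")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, hash BLOB)")
    return db

def legacy_check(db, name, password):
    # Weak pattern: plaintext column, typed-in password pasted into the SQL text.
    sql = f"SELECT 1 FROM legacy WHERE name = '{name}' AND password = '{password}'"
    try:
        return db.execute(sql).fetchone() is not None
    except sqlite3.Error:
        # The statement itself broke on the user's punctuation; banning
        # punctuation hides this symptom without fixing the cause.
        return None

def derive(password, salt):
    # To the KDF a password is only bytes, so quotes and symbols need no escaping.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def register(db, name, password):
    salt = os.urandom(16)
    # Placeholders keep user input out of the SQL text entirely.
    db.execute("INSERT INTO users VALUES (?, ?, ?)", (name, salt, derive(password, salt)))

def verify(db, name, password):
    row = db.execute("SELECT salt, hash FROM users WHERE name = ?", (name,)).fetchone()
    if row is None:
        return False
    # Constant-time comparison of the stored hash and the recomputed one.
    return hmac.compare_digest(row[1], derive(password, row[0]))

if __name__ == "__main__":
    db = open_db()
    pw = "O'Brien+tr@il#42!"  # constructed sample password
    db.execute("INSERT INTO legacy VALUES (?, ?)", ("geoffrey", pw))
    register(db, "geoffrey", pw)
    print("legacy check:", legacy_check(db, "geoffrey", pw))
    print("hashed check:", verify(db, "geoffrey", pw))
```
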


