you shouldn’t be forced to use special characters in your passwords
From the Quartz Media magazine:
Quote:
|
That makes a lot of sense. Delay on wrong passwords can thwart brute force much better than anything else.
|
Ha! Get any IT security person to listen to commonsense, or for that matter read and take to heart the latest security thinking? Nonsense! In my experience dealing with IT security at organizations big and small they are routinely ruled by petty bureaucrats who get their kicks by making employees lives miserable while they chuckle in the back room watching everyone jump through endless pointless hoops that actually degrade security--keeps them in work.
|
As an aside, a very distant relative of mine once locked herself out from a school intranet, for the abhorrent system allowed other languages when changing password, but not on actual sign in.
A horror story. |
Quote:
- Bruce |
My pet hate is web sites (usually e-commerce sites) which use a "don't allow paste" command on their password input field (or other fields, for that matter). To my mind, this is detrimental to legitimate users (who are thereby being forced to use a password which is weak enough to be feasible to remember, and to type manually, instead of being copy-and-pasted from a password repository, as I prefer) while doing absolutely nothing for site security. (If i were trying to crack a site, using a buffer-overflow attack or the like, I wouldn't be dumb enough to allow my custom client to honour "no paste" requests.:rolleyes:)
Fortunately, this dubious behaviour can be overridden by using Firefox with the appropriate plugin; but it's a dumb idea nonetheless. |
Quote:
|
Quote:
|
All times are GMT +9. The time now is 05:18 PM. |
Copyright EmailDiscussions.com 1998-2022. All Rights Reserved. Privacy Policy