Re: [Savannah-users] password must be more complicated
From: Bob Proulx
Subject: Re: [Savannah-users] password must be more complicated
Date: Wed, 15 May 2013 12:35:35 -0600
User-agent: Mutt/1.5.21 (2010-09-15)

Jan Owoc wrote:
> Bob Proulx wrote:
> > Jan Owoc wrote:
> >> [1] http://www.passwordmeter.com/
> > That is pretty cute. I don't like the deductions section where it
>
> I didn't mean to say that this (randomly found) password checker is
> perfect.
No I was serious that I liked it. I didn't think it was perfect
either. But it is pretty nicely done and could be adapted to be
perfect. I thought it was perfect that you suggested it.
> Until this thread surfaced, I didn't know that a program like
> pwqcheck existed,
Me neither. But with seven billion people on the planet and a very
large number of them creating new things I am often seeing new things
for the first time. It keeps things interesting. :-)
> let alone what the phrase "pwqcheck options are:
> 'match=0 max=256 min=24,24,11,8,7' " meant.
Yes. That is a little obscure. I was personally happy to see it on
the web site because then I could go look it up. On a site catering
to technical people like Savannah I think that is quite nice. However
I know that for non-technical people that would be intimidating.
> I wanted to point out that a large portion of websites that require
> users to generate passwords either:
>
> A) have rules written out in human-readable form on what is an
> acceptable password (eg. have all 4 of these character classes AND
> be 7 characters long, or have 3 of 3 character classes AND be 8
> characters long, or be at least 24 characters long); the user can
> then count the characters in the password they've invented or
> generated, and know if it would pass
>
> B) have some sort of JavaScript-based instant-feedback whether the
> password is "poor", "acceptable", or "strong", with the minimum that
> the site accepts being "acceptable"; the user instantly knows if the
> password will be accepted without having to refresh the page
And C) where the user is given no information at all. :-(
> I think implementing "A" is much simpler than "B". Could we convert
> the phrase "min=24,24,11,8,7" into text that would be understandable
> to the average user of Savannah?
Good idea. I would suggest something but I lack the time at the moment.
> > It is Javascript but it is only there to provide immediate feedback to
> > the user. Any real security must exist on the server. And so would
> > still work just fine if Javascript is turned off or unavailable such
> > as in lynx, w3m, and so forth.
>
> Yes, I meant to suggest the JavaScript in addition to the server-side
> checks, as "instant feedback" to the user. It's just that the
> JavaScript, assuming it runs properly, should accept/reject the same
> passwords that the server would then accept/reject.
Sorry. I was simply voicing the analysis out loud and agreeing with
you as to the benefit of it. I didn't mean to imply that I was
negatively critical of it.

By way of thought processes I am a big believer in "progressive
enhancement" over "graceful degradation". And I am sensitive to it
because so many sites go the opposite direction and are therefore
harder to use. So whenever I see a Javascript component I am always
analyzing it in those ways.
Bob
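
The plain-language conversion of "match=0 max=256 min=24,24,11,8,7" asked about in the message above, as an added example that is not part of the original message or of Savannah's code. The meaning of each field is taken from the passwdqc documentation; the function names and the wording of the generated sentences are assumptions made for illustration.

```javascript
// Added example: render a pwqcheck option string as plain-language rules.
// Field meanings follow the passwdqc documentation; names are hypothetical.
// The four kinds of characters: digits, lower-case, upper-case, other.
const MIN_KINDS = [
  "uses only one kind of character",
  "uses two kinds of characters",
  "is a passphrase made of several words",
  "uses three kinds of characters",
  "uses all four kinds of characters",
];

// Split "key=value key=value" into an object, rejecting malformed tokens.
function parseOptions(optionString) {
  const opts = {};
  for (const token of optionString.trim().split(/\s+/)) {
    const eq = token.indexOf("=");
    if (eq < 1) throw new Error(`malformed option: ${token}`);
    opts[token.slice(0, eq)] = token.slice(eq + 1);
  }
  return opts;
}

function describePolicy(optionString) {
  const opts = parseOptions(optionString);
  const lines = [];
  if (opts.min !== undefined) {
    const mins = opts.min.split(",");
    if (mins.length !== MIN_KINDS.length) throw new Error("min= takes five values");
    mins.forEach((value, i) => {
      if (value === "disabled") {
        lines.push(`A password that ${MIN_KINDS[i]} is never accepted.`);
      } else if (/^\d+$/.test(value)) {
        lines.push(`A password that ${MIN_KINDS[i]} needs at least ${value} characters.`);
      } else {
        throw new Error(`bad min= value: ${value}`);
      }
    });
  }
  if (opts.max !== undefined) {
    lines.push(`No password may be longer than ${opts.max} characters.`);
  }
  if (opts.match !== undefined) {
    lines.push(opts.match === "0"
      ? "The common-substring check is turned off."
      : `Common substrings of ${opts.match} or more characters are checked for.`);
  }
  return lines;
}

console.log(describePolicy("match=0 max=256 min=24,24,11,8,7").join("\n"));
```

Generating the text from the same option string the server passes to pwqcheck keeps the displayed rules from drifting away from what is enforced. passwdqc does not count an upper-case first character or a trailing digit toward the number of character kinds, so the server can still reject a password that appears to satisfy the displayed rule.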