in reply to Ethics of Passwords
Well the last ISP I worked for maintained a pretty simple
policy for passwords that worked out well.
We randomly generated them all and never stored them.
Sure, the users didn't like weird long passwords, but they never
complained much after we explained to them how much that improves security.
So it's easy:
- Randomly generate a password on account creation
- If password is lost, match secret phrase (mother's maiden name, etc.)
and reset it with another randomly generated password.
- Make sure to have an explanation on your page as to why your password policy is secure.
/****************************/ jason@gost.net, wh@ckz.org http://jason.gost.net /*****************************/
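The create-and-reset flow described in the post above, as an added Python sketch that is not part of the original post or any ISP's code. It assumes "never stored" means the server keeps only a salted PBKDF2 verifier; `AccountStore`, `generate_password` and the account data are hypothetical names and constructed values.

```python
import hashlib
import hmac
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # 62 symbols, about 5.95 bits each

def generate_password(length=16):
    """Draw every character from the OS CSPRNG (secrets), not the random module."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def _verifier(secret, salt):
    # Salted, deliberately slow hash: the only form of a secret kept server-side.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 200_000, dklen=32)

class AccountStore:
    """Hypothetical in-memory account table; a real one would be a database."""

    def __init__(self):
        self._rows = {}

    def _set_password(self, user):
        password = generate_password()
        salt = secrets.token_bytes(16)
        self._rows[user]["pw"] = (salt, _verifier(password, salt))
        return password  # handed to the user once, never persisted in the clear

    def create(self, user, secret_phrase):
        salt = secrets.token_bytes(16)
        phrase = secret_phrase.strip().lower()
        self._rows[user] = {"phrase": (salt, _verifier(phrase, salt))}
        return self._set_password(user)

    def _check(self, user, field, candidate):
        row = self._rows.get(user)
        if row is None:
            return False
        salt, stored = row[field]
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(stored, _verifier(candidate, salt))

    def login(self, user, password):
        return self._check(user, "pw", password)

    def reset(self, user, secret_phrase):
        """Return a fresh random password if the phrase matches, else None."""
        if not self._check(user, "phrase", secret_phrase.strip().lower()):
            return None
        return self._set_password(user)
```

The reset path is only as strong as the secret phrase: a 16-character random password carries about 95 bits of entropy, while a maiden name carries far less, so rate-limit and log reset attempts.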