Beefy Boxes and Bandwidth Generously Provided by pair Networks
more useful options

comment on

( #3333=superdoc: print w/replies, xml ) Need Help??
Here is an interesting thought. What is the most ethical way to deal with passwords to a site for use by the general public?

When dealing with an educated group of users, it is obvious that the passwords should be encrypted somehow, so that neither the outside world, nor the site administrators can read the list, thus closing the temptation/possibility of someone unscrupulously reading the password list, and potentially gaining access to user accounts on another site. That is not to even mention to additional protection that this offers from crackers.

I say an educated group of users, because these are the people who won't, flip out and complain if you change their password in order to allow them to resume access to the site after having lost the original. I know it sounds inane, but I have recieved calls before yelling at me about how I changed their password to some crazy mix of letters and numbers, and obviously, I am a complete *******.

Is it better to maintain a plain-english list of passwords on my site, allowing me to automatically send them their password back to them, thus avoiding this situation?

I would have to say no. So, where to from here? ALTERNATIVES!

I think that I shall start with the obvious
  • Birthdate
  • Mother's maiden name
  • Some backup password
  • Names of rock stars
  • @#$^$^#%^# (Profanities)
Of course, these require extra overhead and longer registration forms. So, what IS the answer that I am looking for? Perhaps a long form letter explaining WHY their password is so crazy... or a redirection to a web page, that has the option to change their password on it? This is the solution that I am leaning towards at the moment. Perhaps some other monks could lend me suggestions... bearing in mind that the users that this site is aimed towards can barely turn on a shower without much help, let alone be troubled with anything more difficult than a mouse click on their computer. Also, this could be a fun thread to start suggestions of what to change the passwords to ;-)

Just Another Perl Backpacker

In reply to Ethics of Passwords by Nitsuj

Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":

  • Are you posting in the right place? Check out Where do I post X? to know for sure.
  • Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
    <code> <a> <b> <big> <blockquote> <br /> <dd> <dl> <dt> <em> <font> <h1> <h2> <h3> <h4> <h5> <h6> <hr /> <i> <li> <nbsp> <ol> <p> <small> <strike> <strong> <sub> <sup> <table> <td> <th> <tr> <tt> <u> <ul>
  • Snippets of code should be wrapped in <code> tags not <pre> tags. In fact, <pre> tags should generally be avoided. If they must be used, extreme care should be taken to ensure that their contents do not have long lines (<70 chars), in order to prevent horizontal scrolling (and possible janitor intervention).
  • Want more info? How to link or How to display code and escape characters are good places to start.
Log In?

What's my password?
Create A New User
Domain Nodelet?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others scrutinizing the Monastery: (4)
As of 2022-12-06 21:37 GMT
Find Nodes?
    Voting Booth?

    No recent polls found