Here is an interesting thought. What is the most ethical way to deal with passwords to a site for use by the general public?
When dealing with an educated group of users, it is obvious that the passwords should be encrypted somehow, so that neither the outside world, nor the site administrators can read the list, thus closing the temptation/possibility of someone unscrupulously reading the password list, and potentially gaining access to user accounts on another site. That is not to even mention the additional protection that this offers from crackers.
I say an educated group of users, because these are the people who won't flip out and complain if you change their password in order to allow them to resume access to the site after having lost the original. I know it sounds inane, but I have received calls before yelling at me about how I changed their password to some crazy mix of letters and numbers, and obviously, I am a complete *******.
Is it better to maintain a plain-English list of passwords on my site, allowing me to automatically send them their password back to them, thus avoiding this situation?
I would have to say no. So, where to from here? ALTERNATIVES!
I think that I shall start with the obvious
- Mother's maiden name
- Some backup password
- Names of rock stars
- @#$^$^#%^# (Profanities)
Of course, these require extra overhead and longer registration forms. So, what IS the answer that I am looking for? Perhaps a long form letter explaining WHY their password is so crazy... or a redirection to a web page, that has the option to change their password on it? This is the solution that I am leaning towards at the moment. Perhaps some other monks could lend me suggestions... bearing in mind that the users that this site is aimed towards can barely turn on a shower without much help, let alone be troubled with anything more difficult than a mouse click on their computer. Also, this could be a fun thread to start suggestions of what to change the passwords to ;-)
Just Another Perl Backpacker
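
The reset-page option the post leans towards, as an added example that is not part of the original post: passwords are kept only as salted PBKDF2 hashes, and a lost password is handled by mailing a single-use, expiring link token so the user picks the new password on the reset page. The in-memory dicts, function names, work factor and 15-minute lifetime are assumptions made for the sketch.

```python
import hashlib
import hmac
import secrets
import time

PBKDF2_ROUNDS = 600_000   # assumed work factor; tune for your hardware
TOKEN_TTL = 15 * 60       # assumed lifetime of a reset link, in seconds

users = {}         # username -> (salt, hash); stands in for a database table
reset_tokens = {}  # sha256(token) -> (username, expiry timestamp)

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

def set_password(user, password):
    """Store a per-user random salt and the derived hash, never the password."""
    salt = secrets.token_bytes(16)
    users[user] = (salt, _hash(password, salt))

def check_password(user, password):
    # An unknown user still costs one hash, so timing does not reveal who exists.
    salt, stored = users.get(user, (b"\0" * 16, b""))
    return hmac.compare_digest(_hash(password, salt), stored)

def start_reset(user, now=None):
    """Return the token to mail inside a link; only its hash is stored."""
    if user not in users:
        return None
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    digest = hashlib.sha256(token.encode()).hexdigest()
    reset_tokens[digest] = (user, now + TOKEN_TTL)
    return token

def finish_reset(token, new_password, now=None):
    """Called by the reset page; the user supplies the new password."""
    now = time.time() if now is None else now
    digest = hashlib.sha256(token.encode()).hexdigest()
    entry = reset_tokens.pop(digest, None)   # pop makes the token single-use
    if entry is None or now > entry[1]:
        return False
    set_password(entry[0], new_password)
    return True
```

Neither a database dump nor a site administrator can recover a password or a pending reset token from what is stored, and nobody is handed a password they did not choose.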