Think about Loose Coupling | |
PerlMonks |
comment on |
( [id://3333]=superdoc: print w/replies, xml ) | Need Help?? |
Here's what I'd do... one-way encrypt the users' passwords in storage, but send a one-time e-mail to their provided address which reads "Keep this message for future reference." However, one shouldn't underestimate the clever destructiveness of the generic-brand user.
If the occasion should arise that you NEED to e-mail the user a password, and you are concerned that the user may object to "sDFf34ggR," you might have one randomly auto-generated by combining 2 or more words from a LARGE list of pre-selected words, so you'd get things like "MONKEYCHAIR" and "FRISKYPERL". Heck you could even tack a random 2-digit number on that if you want a little more security; most of the level-headed users won't complain about only TWO random digits (I know, when I say "most of the level-headed users" it is more correct to say "'both' of the level-headed users"). Such passwords are quite easy to remember. Alan "Hot Pastrami" Bellows -Sitting calmly with scissors- In reply to RE: Ethics of Passwords
by Hot Pastrami
|
|