Ernie wrote:
> There is nothing wrong with the system suggesting if a password is strong or weak in the programmer's opinion,
> however a site administrator should still be able to set what password they want. If a person can't remember a
> password because it's too hard, then they will either set it to auto entry, or write it down on a Post-it note or
> something equally insecure.

I could not disagree more strongly. I have had boxes hacked by weak passwords.

I have found that users bitch when you hem and haw while explaining the policy. However, if you explain the policy like it is absolute law that cannot be changed, then they do not complain as much; they then tend to accept it and move on. When a user asks about the password restriction and if anything can be done about it "just for them" or "just this once", I very quickly but politely say "no, we have these policies hard coded into all our servers for a reason, and it is there to protect them and their account whether they realize it or not."

I have NEVER had a client leave over the strong password policy, but the clients whose accounts were hacked... you bet your life they canceled their service with me. Something to think about.

M Aronoff Out
