I work in the application-security-products group of a giant software
company. It made me aware of two things I wouldn't thought of:
1. Lots of legal and regulations involved in the security business.
You should carefully check where you (or your client) stands
regarding that.
2. Sometimes (the folks next to me say - most of the times ;-) it
takes one bad password to download the whole database. So my bad
password can be your and the website's problem too (see 1).
As an IxD I'd hate to force strong password, but I guess sometimes
it's inevitable. In this case, your job is to make it bearable. For
all other cases, it's always good practice to promote strong passwords.
Good luck,
- Omri
On Aug 13, 2008, at 12:01 AM, Meredith Noble wrote:
- Enforcing strong passwords (vs. showing a password strength
indicator
but not enforcing it)
************************************************************************************
This footnote confirms that this email message has been scanned by
PineApp Mail-SeCure for the presence of malicious code, vandals & computer
viruses.
************************************************************************************
________________________________________________________________
Welcome to the Interaction Design Association (IxDA)!
To post to this list ....... [EMAIL PROTECTED]
Unsubscribe ................ http://www.ixda.org/unsubscribe
List Guidelines ............ http://www.ixda.org/guidelines
List Help .................. http://www.ixda.org/help
