>I generate passwords using KeepassX -- by default that includes special >characters. I gave up on that idea for websites. I can handle the >rejection of a password, but I had more than one case where the password >was originally accepted, but then couldn't be used. In the most extreme >case they actually send me the password back via automated email >triggered by the "Forgot password" link, but trying to log in with it >just told me that username or password must be wrong. > > Peter
To me, the way that websites use slightly different, but tediously enforced rules, and that they all have to take on the burden for password storage, is really detrimental to security. I wonder if a greater push for everyday websites to use OpenID would counter the inconsistent and occasionally incompetent attempts to 'do' usernames and passwords correctly. Hopefully any security experts here could correct me if I'm wrong. ~ Graham -- You received this message because you are subscribed to the Google Groups "The Java Posse" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/javaposse?hl=en.
