> Well it's up to you whether or not to encrypt passwords, but it's very
> irresponsible not to. If somebody cracks your system, chances are
> they'll get passwords that can be used on accounts your users have
> in other places, so your customers suffer more than they should for
> your laxity in security.

In a way that's also the user's responsibility, though... for example, the
passwords I use personally are divided into different levels of security.
If some BS site makes me sign up for a newsletter or something, I usually
give them the least-secure password. And the levels go on up, till we get
to stuff like server admin passwords, etc. It's all about knowing how much
to trust a site. Low-level passwords are generally used so often that the only
point of using them is to fill in the space ;) Higher-level passwords should
be regarded as top secret info...

About determining what to use on your own site...
Think about what your users are likely to do. Although I personally use a
fairly tight multiple-level password system, many people use their pet's
name for every password they'll ever use... this is especially true for
those who are less familiar with computers & the Internet. I think it's a
good idea, no matter what kind of system you're building, to warn users of
the risks involved with passwords and give them a good guide for creating
an unguessable (and even cracking time intensive) password. At least then
you've made an attempt to educate your visitors; if you then store their
passwords in clear text and your system gets hacked, you've pushed the
blame from yourself to the visitor (i.e., "you should've known not to use the
same password with hotmail, my site, and paypal").

[Sheesh this is getting longer than I intended for it to...]
Even so, I still recommend sticking with MD5 or Password-encrypted
passwords. The sites that offer to send passwords are inherently less
secure, and any client that's looking for high-security should _not_ send
passwords back to users. Just generate a new password and send it to the
user. (An even better solution involving an email containing a link was
posted a bit earlier today.) Hell, PayPal, who _better_ have its mind on
security, sends a new generated password to a confirmed physical mailing
address... that'd be pretty paranoid, but it's reassuring since the site
holds credit card info, bank account info, hell I think it even has each
user's social security number.

Ok, well that's my 2 cents (or was it more like 4?)...

Regards,

--Toby

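The advice above (store only a hash of the password, never mail the stored password back, and drive resets through an emailed one-time link) as an added Python example; this is not code from the original message or from the list, it uses salted PBKDF2 where the message mentions MD5, and the in-memory dicts, the 15-minute token lifetime and the iteration count are assumptions.

```python
import hashlib
import hmac
import os
import secrets

PBKDF2_ITERATIONS = 600_000      # assumed; tune so a hash costs a fraction of a second
RESET_TTL_SECONDS = 15 * 60      # assumed lifetime of an emailed reset link


def hash_password(password: str) -> str:
    """Return 'pbkdf2_sha256$iterations$salt_hex$digest_hex'; the cleartext is never kept."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    algo, iters, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(digest.hex(), digest_hex)


def issue_reset_token(tokens: dict, user: str, now: float) -> str:
    """Create a one-time reset token. Only its hash is stored; the raw value goes into the link."""
    token = secrets.token_urlsafe(32)
    tokens[user] = {
        "token_hash": hashlib.sha256(token.encode()).hexdigest(),
        "expires": now + RESET_TTL_SECONDS,
    }
    return token


def redeem_reset_token(tokens: dict, users: dict, user: str, token: str,
                       new_password: str, now: float) -> bool:
    """Accept the link once, before expiry, then replace the stored password hash."""
    rec = tokens.get(user)
    if rec is None or now > rec["expires"]:
        return False
    presented = hashlib.sha256(token.encode()).hexdigest()
    if not hmac.compare_digest(presented, rec["token_hash"]):
        return False
    del tokens[user]                      # single use: a replayed link fails
    users[user] = hash_password(new_password)
    return True
```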

-- 
PHP General Mailing List (http://www.php.net/)