On Tue, Dec 28, 2010 at 15:27, Al <n...@ridersite.org> wrote:
> Can't you simply specify the allowed characters that can be used for PWs and
> usernames?

No, I hate when websites do that. It leads to less secure passwords,
not more secure, and it is passing the burden of fixing the issue onto
the user.

> I always do, e.g., 6-8, case sensitive, alphanumerics, and the following
> characters: "@, #, $, %, &, *, -".
> Then, I trim() and check the submitted PW for any exceptions to the rules.

I regularly use other characters in my passwords. Of the top of my
head, I have passwords with the tilda, underscore, and exclamation
point. Sites that don't let me use them don't get my business.
Seriously. I once even switched banks twice in one week: once because
the old bank's website did not work with Firefox in Fedora, and the
second time because the new bank's website would not let me use an
exclamation point in my password. I might be an extreme example, but
it is behaviour that I do not agree with.

Dotan Cohen


PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to