On Dec 28, 2010, at 8:52 AM, Dotan Cohen wrote:

> On Tue, Dec 28, 2010 at 15:27, Al <n...@ridersite.org> wrote:
>> Can't you simply specify the allowed characters that can be used for PWs and
>> usernames?
> No, I hate when websites do that. It leads to less secure passwords,
> not more secure, and it is passing the burden of fixing the issue onto
> the user.
>> I always do, e.g., 6-8, case sensitive, alphanumerics, and the following
>> characters: "@, #, $, %, &, *, -".
>> Then, I trim() and check the submitted PW for any exceptions to the rules.
> I regularly use other characters in my passwords. Of the top of my
> head, I have passwords with the tilda, underscore, and exclamation
> point. Sites that don't let me use them don't get my business.
> Seriously. I once even switched banks twice in one week: once because
> the old bank's website did not work with Firefox in Fedora, and the
> second time because the new bank's website would not let me use an
> exclamation point in my password. I might be an extreme example, but
> it is behaviour that I do not agree with.

I completely agree with your method. I too, have switched banks and other 
online services because of developer / programmer laziness. 

Reply via email to