On Tue, Dec 28, 2010 at 11:28:12PM -0500, Joshua Kehn wrote:

> On Dec 28, 2010, at 6:28 PM, Paul M Foster wrote:
> > On Tue, Dec 28, 2010 at 03:11:56PM -0500, Joshua Kehn wrote:
> > 
> >> Specifically:
> >> 
> >>>> Dotan Cohen wrote:
> >>>>> I seem to have an issue with users who copy-paste their usernames and
> >>>>> passwords coping and pasting leading and trailing space characters.
> >> 
> >> Users should not be copy-pasting passwords or usernames. Do not compromise 
> >> a system to cater to bad [stupid, ignorant, you pick] users. If this is an 
> >> issue then educate the users. 
> >> 
> > 
> > Wrong. I use a program called pwgen to generate passwords for me, which
> > I cannot remember. I use another program I built to store them in an
> > encrypted file. When I have to supply a password which I've forgotten
> > (as usual), I fire up my password "vault", find the password, and paste
> > it wherever it's needed. Users would be wise to follow a scheme like
> > this, rather than using their dog's name or somesuch as their passwords.
> > 
> > Paul
> > 
> > -- 
> > Paul M. Foster
> > http://noferblatz.com
> > 
> What is "wrong?" That users should not be copy-pasting passwords or don't 
> compromise the system?
> I agree that users should not use weak passwords, but not everyone goes 
> everywhere with a vault. I am more then capable of memorizing 20 or so 16-32 
> character full set passwords. 

And so you assume everyone can do that? I can remember maybe 5 of the
passwords I regularly need. (I rarely repeat passwords for different
sites.) In addition, some passwords have been *assigned* to me and
cannot readily be changed (and are usually difficult to remember). Many
of the rest I so seldom use that it would be silly to try to remember
them. Particularly when I do have a password-locked file I can use to
record them for me.

Under the circumstances I described, I have yet to hear in what way
copying and pasting passwords compromises security of anything by
itself. Please enlighten me.


Paul M. Foster

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to