At 4:06 PM -0500 12/28/10, Daniel Brown wrote:
On Tue, Dec 28, 2010 at 16:05, Dotan Cohen <dotanco...@gmail.com> wrote:
Did you know that when you type 'brown1' we see it as ******? Your
system does that automatically.
That's how I see it, too. It took me fourteen years to realize
that my password wasn't just six asterisks
Damn! Now, I have to change my password. Maybe I'll change it to "*****1"
But seriously, I teach my students to find something that they can
remember that doesn't appear in their personal data (i.e., tel
number, address, SS, DOB, whatever).
I suggest using a phrase such as "An Apple A Day Keeps The Doctor
Away" and combining it with a favorite number (i.e., "18") producing
a password of "AAADKTDA18".
Additionally, one can also make access to their data a bit more
secure by changing their user id to something not personal either,
such as "mightymouse".
As for trimming passwords and user id's, I have always done that with
an explanation of what characters are allowed/required in a password
-- leading/trailing spaces are not. From my perspective, if a user
provides a space before/after their password, then thay have made a
mistake and it's automatically trimmed regardless. As such, the
practice either way does not affect anything -- it works both ways.
This is from experience in dealing with users (10k db's) complaining
that their user ID and/or password has somehow changed because they
entered JohnDoe, johndoe, and finally johnDoe and couldn't access
their account only to find that their user ID was actually jdoe. I
don't want to complicate my life further by allowing leading/trailing
spaces into the mix.
BTW -- One of my banks told me that my user id had to be uppercase,
but when I entered my user id in lowercase, it worked. There should
be consistency between what the user is told and what is practiced.
Make your life simpler.
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php