At 4:06 PM -0500 12/28/10, Daniel Brown wrote:
On Tue, Dec 28, 2010 at 16:05, Dotan Cohen <dotanco...@gmail.com> wrote:


 Did you know that when you type 'brown1' we see it as ******? Your
 system does that automatically.

    That's how I see it, too.  It took me fourteen years to realize
that my password wasn't just six asterisks

Damn! Now, I have to change my password. Maybe I'll change it to "*****1"

But seriously, I teach my students to find something that they can remember that doesn't appear in their personal data (i.e., tel number, address, SS, DOB, whatever).

I suggest using a phrase such as "An Apple A Day Keeps The Doctor Away" and combining it with a favorite number (i.e., "18") producing a password of "AAADKTDA18".

Additionally, one can also make access to their data a bit more secure by changing their user id to something not personal either, such as "mightymouse".

As for trimming passwords and user id's, I have always done that with an explanation of what characters are allowed/required in a password -- leading/trailing spaces are not. From my perspective, if a user provides a space before/after their password, then thay have made a mistake and it's automatically trimmed regardless. As such, the practice either way does not affect anything -- it works both ways.

This is from experience in dealing with users (10k db's) complaining that their user ID and/or password has somehow changed because they entered JohnDoe, johndoe, and finally johnDoe and couldn't access their account only to find that their user ID was actually jdoe. I don't want to complicate my life further by allowing leading/trailing spaces into the mix.

BTW -- One of my banks told me that my user id had to be uppercase, but when I entered my user id in lowercase, it worked. There should be consistency between what the user is told and what is practiced.

Make your life simpler.

Cheers,

tedd

--
-------
http://sperling.com/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to