I agree. In addition, I think we should avoid not only "zero length password" but also weak passwords (e.g. 12345, qwerty, etc...).
This problem may be operation policy issue, however, might be considering. 2011/6/22 Marc Williams <[email protected]>: >>> * a method that hands over a password (or a password-equivalent) >>> * a method whose UI can be imitated by malicious sites. >>> >>> Of course there might be more items, please append. > > > > > A method which pemits zero length password authentication > > > Marc Williams > > _______________________________________________ > saag mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/saag > -- SHIMIZU, Kazuki _______________________________________________ websec mailing list [email protected] https://www.ietf.org/mailman/listinfo/websec
