My boss has asked me to seek out any reputable Standards-based documentation for end-user passwords for an e-commerce site.

In particular, this site allows users to log in with username/password and order food with their credit card on file. So we want to force them to use "suitable" passwords on their accounts.

I've searched some of the obvious candidates, found nothing much, and am in the process of determining at least some of the basic "rules" for other similar sites.

Of course, some of the rules might be like: If they haven't logged in for over 6 months then blah blah blah. I'm not going to be able to determine that in a realistic time frame.

Is there any sort of guideline documentation maintained out there for specific use cases?

Obviously the use case of the password matters a great deal -- an e-commerce site minimum standard is hopefully more stringent than some stupid blog or something...

But surely the Banks aren't all just making up their own rules as they go, are they?...

--
Like Music?
http://l-i-e.com/artists.htm

--
PHP General Mailing List (http://www.php.net/)