On Tue, Dec 28, 2010 at 15:27, Al <news@xxxxxxxxxxxxx> wrote: > Can't you simply specify the allowed characters that can be used for PWs and > usernames? > No, I hate when websites do that. It leads to less secure passwords, not more secure, and it is passing the burden of fixing the issue onto the user. > I always do, e.g., 6-8, case sensitive, alphanumerics, and the following > characters: "@, #, $, %, &, *, -". > > Then, I trim() and check the submitted PW for any exceptions to the rules. > I regularly use other characters in my passwords. Of the top of my head, I have passwords with the tilda, underscore, and exclamation point. Sites that don't let me use them don't get my business. Seriously. I once even switched banks twice in one week: once because the old bank's website did not work with Firefox in Fedora, and the second time because the new bank's website would not let me use an exclamation point in my password. I might be an extreme example, but it is behaviour that I do not agree with. -- Dotan Cohen http://gibberish.co.il http://what-is-what.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
