On Dec 28, 2010, at 8:52 AM, Dotan Cohen wrote:

> On Tue, Dec 28, 2010 at 15:27, Al <news@xxxxxxxxxxxxx> wrote:
>> Can't you simply specify the allowed characters that can be used for PWs and
>> usernames?
>>
>
> No, I hate when websites do that. It leads to less secure passwords,
> not more secure, and it is passing the burden of fixing the issue onto
> the user.
>
>> I always do, e.g., 6-8, case sensitive, alphanumerics, and the following
>> characters: "@, #, $, %, &, *, -".
>>
>> Then, I trim() and check the submitted PW for any exceptions to the rules.
>>
>
> I regularly use other characters in my passwords. Off the top of my
> head, I have passwords with the tilde, underscore, and exclamation
> point. Sites that don't let me use them don't get my business.
> Seriously. I once even switched banks twice in one week: once because
> the old bank's website did not work with Firefox in Fedora, and the
> second time because the new bank's website would not let me use an
> exclamation point in my password. I might be an extreme example, but
> it is behaviour that I do not agree with.
>

I completely agree with your method. I, too, have switched banks and other online services because of developer / programmer laziness.