Re: Re: Do you trim() usernames and passwords?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Dec 28, 2010, at 11:51 PM, Paul M Foster wrote:

> On Tue, Dec 28, 2010 at 11:28:12PM -0500, Joshua Kehn wrote:
> 
>> On Dec 28, 2010, at 6:28 PM, Paul M Foster wrote:
>> 
>>> On Tue, Dec 28, 2010 at 03:11:56PM -0500, Joshua Kehn wrote:
>>> 
>>>> Specifically:
>>>> 
>>>>>> Dotan Cohen wrote:
>>>>>>> I seem to have an issue with users who copy-paste their usernames and
>>>>>>> passwords coping and pasting leading and trailing space characters.
>>>> 
>>>> Users should not be copy-pasting passwords or usernames. Do not compromise a system to cater to bad [stupid, ignorant, you pick] users. If this is an issue then educate the users. 
>>>> 
>>> 
>>> Wrong. I use a program called pwgen to generate passwords for me, which
>>> I cannot remember. I use another program I built to store them in an
>>> encrypted file. When I have to supply a password which I've forgotten
>>> (as usual), I fire up my password "vault", find the password, and paste
>>> it wherever it's needed. Users would be wise to follow a scheme like
>>> this, rather than using their dog's name or somesuch as their passwords.
>>> 
>>> Paul
>>> 
>>> -- 
>>> Paul M. Foster
>>> http://noferblatz.com
>>> 
>> 
>> What is "wrong?" That users should not be copy-pasting passwords or don't compromise the system?
>> 
>> I agree that users should not use weak passwords, but not everyone goes everywhere with a vault. I am more then capable of memorizing 20 or so 16-32 character full set passwords. 
>> 
> 
> And so you assume everyone can do that? I can remember maybe 5 of the
> passwords I regularly need. (I rarely repeat passwords for different
> sites.) In addition, some passwords have been *assigned* to me and
> cannot readily be changed (and are usually difficult to remember). Many
> of the rest I so seldom use that it would be silly to try to remember
> them. Particularly when I do have a password-locked file I can use to
> record them for me.
> 
> Under the circumstances I described, I have yet to hear in what way
> copying and pasting passwords compromises security of anything by
> itself. Please enlighten me.
> 
> Paul

I believe you misunderstood. I believe that trimming passwords to remove spaces is a compromise of the system, not the copy-paste. 

Regards,

-Josh
____________________________________
Joshua Kehn | Josh.Kehn@xxxxxxxxx
http://joshuakehn.com


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux