Re: Re: Do you trim() usernames and passwords?

At 4:06 PM -0500 12/28/10, Daniel Brown wrote:
On Tue, Dec 28, 2010 at 16:05, Dotan Cohen <dotancohen@xxxxxxxxx> wrote:

 Did you know that when you type 'brown1' we see it as ******? Your
 system does that automatically.

    That's how I see it, too.  It took me fourteen years to realize
that my password wasn't just six asterisks

Damn! Now, I have to change my password. Maybe I'll change it to "*****1"

But seriously, I teach my students to find something that they can remember that doesn't appear in their personal data (i.e., tel number, address, SS, DOB, whatever).

I suggest using a phrase such as "An Apple A Day Keeps The Doctor Away" and combining it with a favorite number (i.e., "18") producing a password of "AAADKTDA18".

Additionally, one can also make access to their data a bit more secure by changing their user id to something not personal either, such as "mightymouse".

As for trimming passwords and user id's, I have always done that with an explanation of what characters are allowed/required in a password -- leading/trailing spaces are not. From my perspective, if a user provides a space before/after their password, then they have made a mistake and it's automatically trimmed regardless. As such, the practice either way does not affect anything -- it works both ways.

This is from experience in dealing with users (10k db's) complaining that their user ID and/or password has somehow changed because they entered JohnDoe, johndoe, and finally johnDoe and couldn't access their account only to find that their user ID was actually jdoe. I don't want to complicate my life further by allowing leading/trailing spaces into the mix.

BTW -- One of my banks told me that my user id had to be uppercase, but when I entered my user id in lowercase, it worked. There should be consistency between what the user is told and what is practiced.

Make your life simpler.

Cheers,

tedd

--
-------
http://sperling.com/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
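
The trimming practice discussed in the message above only "works both ways" when the same normalization runs at registration and at login. The following is an added example, not code from the thread: the function names, the in-memory `$users` array, and the choice to lowercase user IDs are assumptions, and the sample credentials reuse the ones mentioned in the message.

```php
<?php
// Added example; names and the in-memory store are hypothetical.

// Single normalization routine for user IDs, called at BOTH registration
// and login. Lowercasing is an assumption (case-insensitive ASCII IDs).
function normalize_user_id(string $raw): string
{
    return strtolower(trim($raw));
}

// Passwords: strip leading/trailing whitespace only; case is preserved.
function normalize_password(string $raw): string
{
    return trim($raw);
}

function register(array &$users, string $userId, string $password): bool
{
    $id = normalize_user_id($userId);
    $pw = normalize_password($password);
    if ($id === '' || $pw === '' || isset($users[$id])) {
        return false; // empty after trimming, or ID already taken
    }
    $users[$id] = password_hash($pw, PASSWORD_DEFAULT);
    return true;
}

function login(array $users, string $userId, string $password): bool
{
    $id = normalize_user_id($userId);
    if (!isset($users[$id])) {
        return false;
    }
    return password_verify(normalize_password($password), $users[$id]);
}

// Constructed sample input.
$users = [];
var_dump(register($users, ' JDoe ', ' AAADKTDA18 ')); // stored under 'jdoe'
var_dump(login($users, 'jdoe', 'AAADKTDA18'));        // exact credentials
var_dump(login($users, 'JDOE ', "AAADKTDA18\n"));     // stray case and whitespace
var_dump(login($users, 'jdoe', 'aaadktda18'));        // password case still matters

// Inconsistent case: a hash created from an untrimmed password (for example
// by older registration code) no longer matches once login starts trimming.
$users['legacy'] = password_hash(' AAADKTDA18', PASSWORD_DEFAULT);
var_dump(login($users, 'legacy', ' AAADKTDA18'));
```

The last call shows why trimming has to be introduced on both paths at once: accounts whose stored hash was computed from an untrimmed password need a reset or a one-time fallback check against the raw input.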


