[prev] [thread] [next] [lurker] [Date index for 2004/01/23]
On Fri, 23 Jan 2004, Mark Fowler wrote: > I can't remember my passwords for websites. I'm sorry, but it's just not > worth my while remembering the password for your random site. Hell, I > can hardly remember my password for my online banking - there's no way I'm > going to memorise the details of my Bob's online bait house emporium > account. > > Most web site designers have realised this. I like the fact that most > sites can mail me passwords if I click on the 'ooops I'm a moron' button > (or mail me a link that will let me reset my passwords, which is better as > it never sends what might be a sensitive password over cleartext.) > > Other sites haven't. They expect me to email a real person. Real people > are slow. And real people get pissed off if you mail them every couple of > weeks. Guilty! The problem is that I really don't want to store people's passwords anywhere on the site. There is just too much chance of them leaking out (due to our organization policies quite a few people have access to the server that really should not IMO). So I only store the encrypted version. Then the code to regenerate a random password and assign it to the user becomes a little more complicated. But I'll get around to writing it soon ;--) Sorry about that... -- Michel Rodriguez Perl & XML http://www.xmltwig.com
Generated at 14:02 on 01 Jul 2004 by mariachi 0.52