Re: Website Passwords

From: Michel Rodriguez
Subject: Re: Website Passwords
Date: 15:15 on 23 Jan 2004

On Fri, 23 Jan 2004, Mark Fowler wrote:

> I can't remember my passwords for websites.  I'm sorry, but it's just not
> worth my while remembering the password for your random site.  Hell, I
> can hardly remember my password for my online banking - there's no way I'm
> going to memorise the details of my Bob's online bait house emporium
> account.
>
> Most web site designers have realised this.  I like the fact that most
> sites can mail me passwords if I click on the 'ooops I'm a moron' button
> (or mail me a link that will let me reset my passwords, which is better as
> it never sends what might be a sensitive password over cleartext.)
>
> Other sites haven't.  They expect me to email a real person.  Real people
> are slow.  And real people get pissed off if you mail them every couple of
> weeks.

Guilty!

The problem is that I really don't want to store people's passwords
anywhere on the site. There is just too much chance of them leaking out
(due to our organization policies quite a few people have access to the
server that really should not IMO). So I only store the encrypted version.

Then the code to regenerate a random password and assign it to the user
becomes a little more complicated. But I'll get around to writing it soon
;--)

Sorry about that...

--
Michel Rodriguez
Perl & XML
http://www.xmltwig.com

Generated at 14:02 on 01 Jul 2004 by mariachi 0.52