User Password Checks
Moderator: General Moderators
User Password Checks
Would it be all that secure to put any other password checks in besides a minimum password length?
Like a dictionary check, or a number check, etc.
Like a dictionary check, or a number check, etc.
- RobertGonzalez
- Site Administrator
- Posts: 14293
- Joined: Tue Sep 09, 2003 6:04 pm
- Location: Fremont, CA, USA
- daedalus__
- DevNet Resident
- Posts: 1925
- Joined: Thu Feb 09, 2006 4:52 pm
- Ambush Commander
- DevNet Master
- Posts: 3698
- Joined: Mon Oct 25, 2004 9:29 pm
- Location: New Jersey, US
Really, you shouldn't need to restrict passwords (theoretically speaking, there's no reason why it couldn't be binary data. Makes dictionary attacks a lot harder
)
String length, content in terms of composition of characters, digits, etc, perhaps an AJAX based server side dictionary check. Anything beyond that's just education.
String length, content in terms of composition of characters, digits, etc, perhaps an AJAX based server side dictionary check. Anything beyond that's just education.
- daedalus__
- DevNet Resident
- Posts: 1925
- Joined: Thu Feb 09, 2006 4:52 pm
- RobertGonzalez
- Site Administrator
- Posts: 14293
- Joined: Tue Sep 09, 2003 6:04 pm
- Location: Fremont, CA, USA
Stronger character patterns are harder to guess at the entry point. I think that is the point of a strong password. When all is said and done, passwords are still entered in plain text in a users browser and passed through HTTP to a server. The harder to guess the better the password.Daedalus- wrote:If you are hashing it, it could be any character as it wouldn't matter what it's made up of because only a hash is going in the db.
- daedalus__
- DevNet Resident
- Posts: 1925
- Joined: Thu Feb 09, 2006 4:52 pm