[bbDev] Passwords

fel64 at loinhead.net fel64 at loinhead.net
Thu Dec 6 21:49:32 GMT 2007


Sam's phpass change reminded me of this: it seems bizarre to me that bb
gives new users a random 6-digit password. That's really very insecure. If
it's expected that users change their password anyway, then why not go
whole hog and give them a securer 10-character letter-digit-symbol
monstrosity?

Moving slightly to the user interface rather than a technical detail, even
better in my opinion would be to make users activate their account by
setting their password when they get a link in the mail. I suspect that a
large proportion of people who register just copy and paste their
pregenerated digits to log in the first time, then forget about it all and
have problems logging in next time. Additionally, account activation would
be nice to have; accounts that haven't been activated in a week, say,
could be deleted.
Felix
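
The two suggestions in the message above, sketched as an added example that is not part of the original post and is not bbPress code: the entropy of a 6-digit password beside a 10-character letter-digit-symbol one, and activation by a mailed single-use link that sets the password, with unactivated accounts purged after a week. The class, function names and in-memory storage are hypothetical, and PBKDF2 stands in for whatever password hasher the application uses.

```python
import hashlib
import hmac
import math
import secrets
import string

WEEK = 7 * 24 * 3600  # activation window from the message ("a week, say")

def entropy_bits(alphabet_size, length):
    """Bits of entropy of a uniformly random password."""
    return length * math.log2(alphabet_size)

def random_password(length=10):
    """Letter-digit-symbol password drawn from the OS CSPRNG."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))

class PendingAccounts:
    """In-memory stand-in for a users table (hypothetical)."""

    def __init__(self):
        self.pending = {}  # user -> (sha256 of token, created_at)
        self.active = {}   # user -> (salt, password hash)

    def register(self, user, now):
        token = secrets.token_urlsafe(32)  # placed in the mailed link
        digest = hashlib.sha256(token.encode()).hexdigest()
        self.pending[user] = (digest, now)  # only the hash is stored
        return token

    def activate(self, user, token, new_password, now):
        digest, created = self.pending.get(user, (None, None))
        if digest is None or now - created > WEEK:
            return False
        candidate = hashlib.sha256(token.encode()).hexdigest()
        if not hmac.compare_digest(candidate, digest):  # constant-time
            return False
        del self.pending[user]  # token is single-use
        salt = secrets.token_bytes(16)
        pw_hash = hashlib.pbkdf2_hmac("sha256", new_password.encode(), salt, 200_000)
        self.active[user] = (salt, pw_hash)
        return True

    def purge(self, now):
        """Delete accounts never activated within the window."""
        stale = [u for u, (_, t) in self.pending.items() if now - t > WEEK]
        for u in stale:
            del self.pending[u]
        return stale
```

A 6-digit password carries about 20 bits of entropy; 10 characters over the 94 printable ASCII letters, digits and symbols carry about 65.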

