Don’t vet Passwords!

Please note: This post was written 7 years ago, which is an age in programming terms, so please don't treat this as gospel! I'll be updating all posts soon enough, but if you'd especially like this one to be updated let me know.

Security Padlock

I've designed loads of forms in my time, some for collecting random data, some for logging in, and some for user sign up. I usually employ form validation to make sure it's a valid email, and a valid phone number etc, but I never check the password (unless it's for length). I myself like to sign up to each and every service I come across and generally I'm satisfied with what I get in terms of form design. However there are some websites that tell me that my password can only contain letters and numbers! Most of my passwords are 17 characters or longer, with letters, numbers and symbols, so when a site tells me I should effectively make my password less secure I get really annoyed.

Companies like Google and Microsoft never stop telling up to make our passwords more secure, Facebook and Twitter say the same, so why on Earth should websites be asking us alter them? I for one cannot see why developers are intent on doing this? MySQL Injection - no! Unless of course they've never heard of mysql_real_escape_string(), but I doubt that.

So what I really want to say is this - don't ask users to exclude certain components from their passwords! And if you know the reason for this travesty, please feel free to comment and make me look like an idiot 😉

***

If you found this particularly useful and want to share the ♥ you can donate here.

***

1 Response

  1. WP Themes

    Amiable fill someone in on and this post helped me alot in my college assignement. Thanks you for your information.

    Reply


~ Comments are now closed ~

Get in touch here