Posted: Thu Sep 07, 2006 9:56 pm Post subject: Why does registration e-mail passwords?
The system requires passwords for new forum accounts to be at least 8 characters long, supposedly for greater security, but then it goes and e-mails the password to the new user once registration is complete. In my opinion, passwords should not be e-mailed to people if security is a concern. If security is not a concern, then let people enter passwords shorter than 8 characters.
Joined: Nov 21, 2005 Posts: 1285 Location: Witless Protection Program
Posted: Fri Sep 08, 2006 2:30 pm Post subject: Re: Why does registration e-mail passwords?
glenk1973 wrote:
The system requires passwords for new forum accounts to be at least 8 characters long, supposedly for greater security, but then it goes and e-mails the password to the new user once registration is complete.
In my opinion, passwords should not be e-mailed to people if security is a concern. If security is not a concern, then let people enter passwords shorter than 8 characters.
Welcome to NeoOffice community Forum.
<personal opinion> I manage several computer sytems and Web sites and it's ... hard to not send email passwords to users scattere about the world. BUT sending Passwords without including the Username on the same email is what I do for many sites.
I NEVER send both on one email because email messages can survive for a very long time. The Risk is small.
The reason for having passwords 8 or more characters (and should be non-dictionary words, include Upper and lower case, AND numbers and/or special characters) is because there are many programs that will try every combinition. Having at least 8 reduces the risk by greatly increasing the time and effort.
AND most systems will lock the account if there are 3+ failures.
The Internet is a very ... dangerous place. Others are not willing to take the additional ... risk.
The requirements are to protect you from those who would ... do you harm.
Philip ( up to my ... behind in Passwords -> Ou812-C? )
\ No real passwords were used, or hurt in this message!
Joined: May 25, 2003 Posts: 4752 Location: Santa Barbara, CA
Posted: Mon Sep 11, 2006 3:26 am Post subject:
Well, the real reason why passwords are e-mailed is because that's how phpBB+nuke were configured The underlying principle behind the e-mailing of passwords/registration isn't for security, but rather to try and ensure that the person trying to register is actually a human and not a spambot. Of course spambots are getting more clever and some are actually able to reply to registration e-mails too...
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum You cannot attach files in this forum You cannot download files in this forum