[Chicago-talk] Password strength

Joel Limardo joel.limardo at forwardphase.com
Fri Aug 7 08:53:02 PDT 2015


If I'm not mistaken a strength meter tells the user 'hey..your password is
weak' which doesn't *force* them to change the password *nor* does it tell
them how to make a better one. As a rule of thumb, once you find yourself
acting on more than one assumption it is a good sign that you have too many
variables on hand to make a workable design.

I would instead a) force the user to enter a password of an appropriate
length with certain characters like numbers and symbols b) periodically ask
users to update their password (every 3 months, etc.) c) Disallow reuse of
passwords (store MD5 hashes somewhere) d) check IP addresses to identify
potential unauthorized access.

On Fri, Aug 7, 2015 at 9:35 AM, <richard at rushlogistics.com> wrote:

> I am using Perl Dancer to create a new user login page. I was surfing
> around to try to find how to create a password strength meter when I found
> this http://www.perlmonks.org/?node_id=948997 which has me
> second-guessing as to whether having one is even a good idea. Can anyone
> lend some insight in this matter and perhaps where to go get a good one if
> you believe they are a good idea?
>
> Thanks,
>
> Richard
>
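
Items (a) and (c) of the reply above as a server-side check, added here as an example and not code from either poster. The policy values, function names and sample passwords are assumptions; history entries are stored as salted PBKDF2-HMAC-SHA256 (built on core Digest::SHA) rather than the MD5 the post mentions, so the candidate has to be re-derived under each stored salt.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256);
use Encode qw(encode_utf8);

# Assumed policy values (the post only says "an appropriate length").
my %POLICY = (min_length => 12, iterations => 100_000);

# One-block PBKDF2-HMAC-SHA256 (RFC 8018); the password is the HMAC key.
sub pbkdf2_sha256 {
    my ($password, $salt, $iter) = @_;
    my $u = hmac_sha256($salt . pack('N', 1), $password);   # U1
    my $t = $u;
    for (2 .. $iter) {
        $u = hmac_sha256($u, $password);                     # U_i
        $t ^= $u;                                            # stringwise XOR
    }
    return $t;
}

# Returns the reasons a candidate is rejected; an empty list means accepted.
sub check_new_password {
    my ($candidate, $history) = @_;   # $history: [ { salt => ..., hash => ... }, ... ]
    my @errors;
    push @errors, "shorter than $POLICY{min_length} characters"
        if length($candidate) < $POLICY{min_length};
    push @errors, 'needs a digit'  unless $candidate =~ /\d/;
    push @errors, 'needs a symbol' unless $candidate =~ /[[:punct:]]/;
    return @errors if @errors;        # skip the slow hashing for obvious rejects
    my $bytes = encode_utf8($candidate);
    for my $old (@$history) {
        # Salted entries cannot be looked up directly: recompute per stored salt.
        if (pbkdf2_sha256($bytes, $old->{salt}, $POLICY{iterations}) eq $old->{hash}) {
            push @errors, 'matches a previous password';
            last;
        }
    }
    return @errors;
}

# Constructed demo data: one previous password stored as salt + derived key.
my $salt    = 'constructed-salt';     # a real system uses a random salt per entry
my @history = ({ salt => $salt,
                 hash => pbkdf2_sha256('Summer-2015-Chicago', $salt, $POLICY{iterations}) });
for my $pw ('dancer', 'Summer-2015-Chicago', 'correct horse 7 battery!') {
    my @why = check_new_password($pw, \@history);
    printf "%-26s %s\n", "'$pw'", @why ? 'REJECT: ' . join('; ', @why) : 'ok';
}
```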

