[IRCServices] Suggestion

Imran Ali Rashid u970042 at giki.edu.pk
Mon Mar 19 06:06:02 PST 2001


> Why don't you just email the password to them when they register, so they
> can look it up if they forget it. If they lose the EMail as well, they will
> lose the AUTH EMail too. So your (in my eyes, quite complicated system of 2
> passwords) becomes obsolete.
> I don't really see the use of this system. You can do whatever you want, but
> you'll never be able to eliminate the stupidness of the users ;-)
> You could even force passwords to contain numbers or special chars if you
> want a higher security level.

The reasoning behind this was the same as the one for password guessing. The system
prevents the damage from easy to guess passwords, by using a separate code in the
AUTH system which is not guessable.
Of course, the stupidity of the users has always been an issue and can not be worked
around, or eliminated completely, assuming you would even want to try ;-)

I guess there could be an option to force passwords to be more secure. Thats a good
idea for starters.

Imran Ali Rashid