Ethics of Passwords
by Nitsuj (Hermit)
on Aug 14, 2000 at 19:01 UTC
Here is an interesting thought. What is the most ethical way to deal with passwords to a site for use by the general public?
When dealing with an educated group of users, it is obvious that the passwords should be encrypted somehow, so that neither the outside world, nor the site administrators can read the list, thus closing the temptation/possibility of someone unscrupulously reading the password list, and potentially gaining access to user accounts on another site. That is not to even mention the additional protection that this offers from crackers.
I say an educated group of users, because these are the people who won't flip out and complain if you change their password in order to allow them to resume access to the site after having lost the original. I know it sounds inane, but I have received calls before yelling at me about how I changed their password to some crazy mix of letters and numbers, and obviously, I am a complete *******.
Is it better to maintain a plain-English list of passwords on my site, allowing me to automatically send their password back to them, thus avoiding this situation?
I would have to say no. So, where to from here? ALTERNATIVES!
I think that I shall start with the obvious
Just Another Perl Backpacker
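
An added illustration of the trade-off raised in this post (not code from the post or from the site): passwords are kept only as salted scrypt digests, so neither an administrator nor someone who copies the list can read them, and a lost password is handled with a short-lived, single-use token that lets the user choose the new password. The in-memory dictionaries, function names, scrypt cost parameters and the 15-minute lifetime are all assumptions made for the example.

```python
import hashlib, hmac, secrets, time

SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)  # assumed cost parameters
RESET_TTL = 900                             # assumed: token valid for 15 minutes

users = {}   # username -> (salt, scrypt digest); the plaintext is never stored
resets = {}  # username -> (sha256 of reset token, expiry timestamp)

def _digest(password, salt):
    return hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)

def set_password(user, password):
    salt = secrets.token_bytes(16)  # per-user salt: equal passwords differ on disk
    users[user] = (salt, _digest(password, salt))

def check_password(user, password):
    if user not in users:
        return False
    salt, stored = users[user]
    return hmac.compare_digest(stored, _digest(password, salt))

def start_reset(user, now=None):
    """Return a token to mail to the user; only its hash is kept server-side."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    resets[user] = (hashlib.sha256(token.encode()).digest(), now + RESET_TTL)
    return token

def finish_reset(user, token, new_password, now=None):
    """Let the user pick the new password if the token is valid and unexpired."""
    now = time.time() if now is None else now
    entry = resets.get(user)
    if entry is None:
        return False
    token_hash, expiry = entry
    if now > expiry:
        del resets[user]            # expired tokens are discarded
        return False
    supplied = hashlib.sha256(token.encode()).digest()
    if not hmac.compare_digest(token_hash, supplied):
        return False
    del resets[user]                # single use: a token cannot be replayed
    set_password(user, new_password)
    return True
```
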