MS3FGX wrote:If this forum has better password policies than your bank, I would suggest you take it up with your bank, not us.
There is absolutely no reason in the world that you shouldn't be using strong passwords for all your online services. Just because you don't personally think a forum is important enough to have a password more complex than "Password" doesn't make it true.
UAirLtd wrote:if only there was a way of ensuring that people who choose to use weak passwords can have only themselves to blame when their money and identity gets stolen...
on a related note, our company policy is to use full alphanumeric+symbol passwords everywhere, we find that actually many sites don't allow a full range of symbols, and the only conceivable reason for this is if they weren't handling passwords in a secure way. Absurd!
In fact, one e-commerce solution that we use (a commercial, paid-for system, that is very popular and used by many other e-commerce sites on the internet), has some major issues with password - admin can view all the passwords. We asked them about it, and they claim that passwords are "encrypted in the database", and are "unencrypted for the admin panel", but that whole idea is pointless. There should be no instance where any admin needs to see user passwords at all, password-recover should never be possible, only password-resetting. We've had to disable user accounts entirely because of this, and we're only allowing anonomymous checkouts because of our concern about our users' data being compromised. If their e-commerce systems get hacked, we're damn well not going to allow our customers' data to be on there to be lost.
Users browsing this forum: No registered users and 4 guests