Password Requirements

Discussion in 'ASP General' started by David C. Holley, Mar 6, 2004.

  1. Any thoughts on requirements for a password? I've been thinking about
    the following...

    Minimum six characters
    Must contain at least 1 number and at least 1 letter
    Cannot contain the user's first or last name
    Cannot contain the user name of the person's email address
    Cannot contain the domain name of the person's email address
     
    David C. Holley, Mar 6, 2004
    #1
    1. Advertising

  2. David C. Holley

    Evertjan. Guest

    David C. Holley wrote on 06 mrt 2004 in
    microsoft.public.inetserver.asp.general:

    > Any thoughts on requirements for a password? I've been thinking about
    > the following...
    >
    > Minimum six characters
    > Must contain at least 1 number and at least 1 letter
    > Cannot contain the user's first or last name
    > Cannot contain the user name of the person's email address
    > Cannot contain the domain name of the person's email address


    Good thinking, but it depends on the level of security required.


    --
    Evertjan.
    The Netherlands.
    (Please change the x'es to dots in my emailaddress)
     
    Evertjan., Mar 6, 2004
    #2
    1. Advertising

  3. David C. Holley

    Evertjan. Guest

    Alistair wrote on 06 mrt 2004 in microsoft.public.inetserver.asp.general:
    > "David C. Holley" <> wrote in message
    > news:%...
    >> Any thoughts on requirements for a password? I've been thinking about
    >> the following...
    >>
    >> Minimum six characters
    >> Must contain at least 1 number and at least 1 letter
    >> Cannot contain the user's first or last name
    >> Cannot contain the user name of the person's email address
    >> Cannot contain the domain name of the person's email address
    >>

    >
    > why not generate a random password for each user??


    Why not generate a random user for each password??

    Perfect security !!

    ;-}

    --
    Evertjan.
    The Netherlands.
    (Please change the x'es to dots in my emailaddress)
     
    Evertjan., Mar 6, 2004
    #3
  4. David C. Holley

    Bob Barrows Guest

    Evertjan. wrote:
    > Alistair wrote on 06 mrt 2004 in
    > microsoft.public.inetserver.asp.general:
    >> "David C. Holley" <> wrote in message
    >> news:%...
    >>> Any thoughts on requirements for a password? I've been thinking
    >>> about the following...
    >>>
    >>> Minimum six characters
    >>> Must contain at least 1 number and at least 1 letter
    >>> Cannot contain the user's first or last name
    >>> Cannot contain the user name of the person's email address
    >>> Cannot contain the domain name of the person's email address
    >>>

    >>
    >> why not generate a random password for each user??

    >
    > Why not generate a random user for each password??
    >
    > Perfect security !!
    >
    > ;-}


    Unless someone gets the password from the post-it note stuck on the user's
    monitor ... ;-)

    Bob Barrows


    --
    Microsoft MVP - ASP/ASP.NET
    Please reply to the newsgroup. This email account is my spam trap so I
    don't check it very often. If you must reply off-line, then remove the
    "NO SPAM"
     
    Bob Barrows, Mar 6, 2004
    #4
  5. David C. Holley

    Evertjan. Guest

    Bob Barrows wrote on 06 mrt 2004 in
    microsoft.public.inetserver.asp.general:
    > Evertjan. wrote:
    >> Alistair wrote on 06 mrt 2004 in
    >>> why not generate a random password for each user??

    >>
    >> Why not generate a random user for each password??
    >>
    >> Perfect security !!
    >>
    >> ;-}

    >
    > Unless someone gets the password from the post-it note stuck on the
    > user's monitor ... ;-)


    That is the beauty of my scheme, Bob:

    As the user is random,
    your someone will never know which user a password belongs to.

    The top security effect is
    that even no legitimate user will be able to log on.

    This effect has a triple advantage:
    1 program bugs and html bugs do not have to be repaired.
    2 the database does not need holding any sensitive data.
    3 even Californian blackouts have no serious business disadvantages.

    --
    Evertjan.
    The Netherlands.
    (Please change the x'es to dots in my emailaddress)
     
    Evertjan., Mar 6, 2004
    #5
  6. David C. Holley

    David Holley Guest

    I think you all need therapy. One a related note though, I used to work
    for an organization with multiple hotel properties & entertainment
    venues (a whole kit-n-kabodle in fact). One day, my boss and I came up
    with the idea of enhancing our property management system so that
    anytime a guest received a credit for an inconvienice(sp), the system
    would randomly select a location to charge for the credit, as opposed to
    the front desk paying for it - something for which we did often.

    David H.



    *** Sent via Developersdex http://www.developersdex.com ***
    Don't just participate in USENET...get rewarded for it!
     
    David Holley, Mar 7, 2004
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Paul
    Replies:
    3
    Views:
    622
  2. AAaron123
    Replies:
    2
    Views:
    2,332
    AAaron123
    Jan 16, 2009
  3. AAaron123
    Replies:
    1
    Views:
    1,395
    Oriane
    Jan 16, 2009
  4. Bryan Harrington

    password requirements

    Bryan Harrington, Nov 24, 2003, in forum: ASP General
    Replies:
    4
    Views:
    140
    Rob Meade
    Nov 25, 2003
  5. Replies:
    7
    Views:
    244
    Matthias Reuter
    May 29, 2009
Loading...

Share This Page