Main » 2011 » Март » 16 » Storing Passwords considered harmful
Storing Passwords considered harmful
I'm sure many of you have noticed the story of the passwords on Invite them and other authors of web services to the debate.

The question is whether it was Bestpersons generally have a password to access the site (which, in general, and increases)? No matter how hard you try, you still keep passwords properly is unlikely to succeed.

Each time you offer the user to save the password (if new, to log on to your site or passwords from third-party service) - you take a very serious commitment to the security of this password. Some refer to this carelessly, some worse - but the problem is still possible, as happened with the resource being discussed.

All this fuss with passwords like some Intense desire to keep the house with bags of (foreign) cash. And it also knows that no matter which door - whether wood, steel is, even if the shotgun house store - still to come and rob. Do not reliable yet keep them in banks that offer money back anyway?

There are lots of options similar to the "cashless" that allow you to avoid storing bags of other people's money passwords. This is: OpenID, Clickpass, OAuth (though he meant for the other), API logins Yahoo!, Google, Facebook, Hotmail and other providers. From the Russian services for these purposes can be used Livejournal and "My Circle" that support OpenID.

Most people are physically unable to remember more than a dozen passwords and many do not want to remember more than one. And people are registered on hundreds or thousands of sites. Almost everywhere - with a password. Dirichlet's Principle, in general, is applicable here in full.

Unfortunately, it is impossible to limit myself so as to use only services that do not require a password to register - these are too small. But generally speaking, has long been the time has come for the growth of these services is all already there. What causes people to once again insert famous rake in their products?
Views: 598 | Added by: w1zard | Rating: 0.0/0
Total comments: 0
Имя *:
Email *:
Код *: