Web lists-archives.com

Re: [PHP] Password filter




Ash:

I agree, but tell that to my client.

Cheers,

tedd

> On Jan 12, 2018, at 1:05 PM, Ashley Sheridan <ash@xxxxxxxxxxxxxxxxxxxx> wrote:
> 
> 
> 
> On January 12, 2018 5:44:25 PM UTC, Per Jessen <per@xxxxxxxxxxxx> wrote:
>> Tedd Sperling wrote:
>> 
>>> Hi Gang:
>>> 
>>> Does anyone have a password filter? IOW, a routine/function where it
>>> rejects any password that does not conform to certain rules such as
>>> “At least on Capital letter. At least one Number. At least one
>> Symbol”
>>> and such? I know, I hate those things myself — because I use phrases
>>> and it annoys me when these “Know it all” routines stop me from using
>>> pass-phrases I like, but I’ve had an order from a client and never
>>> argue with a client.
>> 
>> Sounds like a pretty simple regex. 
> 
> Minimum length should be your only real requirement. Transposing letters for numbers/symbols serves only to make the password harder to remember (and thus end up on a post-it note stuck to the computer) but does little to the amount of time it takes to crack.
> 
> Obligatory xkcd reference: https://xkcd.com/936/
> 
> Thanks,
> Ash
> 
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php

_______________
tedd sperling
tedd@xxxxxxxxxxxx






--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php