[sldev] [VWR] Improving Authentication Security

Jason Giglio gigstaggart at gmail.com
Sat Sep 29 12:30:13 PDT 2007


Nicholaz Beresford wrote:
> Same goes to the security vulnerability of "Remember
> password" or using brain dead or weak passwords.  If
> people want to use it, let them (which is what you do
> anyway).


One more thing, I'm not really sure it's a good idea to let them use 
completely brain dead passwords.

Right now the system accepts "password", "god", "GigsTaggart", or any 
number of really terrible passwords.  Surely we could reject the worst 
of these?

http://jira.secondlife.com/browse/WEB-314


It's kinda silly to go to all these lengths to provide a secure system, 
if we so easily let the user undermine it.

I know silly web forums that require stronger passwords than SL does!

My bank would never say "oh it's ok you use 'god' for your password". 
Sometimes my SL account has more value on it than my checking account!

-Jason
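As an added example (not part of the original message, and not Linden Lab code), here is one way the check asked for above could look: refuse passwords that appear on a common-password list or that match the account name, including lightly disguised variants. The denylist contents, `MIN_LENGTH`, and the function names are assumptions made for illustration.

```python
import re
import unicodedata

# Constructed sample denylist; a real deployment would load a large
# list of commonly used passwords instead.
COMMON = {"password", "god", "letmein", "qwerty", "123456", "secondlife"}
MIN_LENGTH = 8  # assumed policy value, not taken from the thread
LEET = str.maketrans("013457@$!", "oieastasi")


def normalize(text):
    """Reduce text to bare lowercase letters so disguised variants compare equal."""
    text = unicodedata.normalize("NFKD", text).casefold()
    text = re.sub(r"[\W\d_]+$", "", text)   # drop trailing digits/punctuation
    text = text.translate(LEET)             # undo common substitutions
    return re.sub(r"[^a-z]", "", text)      # drop accents, spaces, symbols


def rejection_reason(password, first_name, last_name):
    """Return why the password is refused, or None if it is accepted."""
    core = normalize(password)
    if core in COMMON or password.casefold() in COMMON:
        return "common password"
    first, last = normalize(first_name), normalize(last_name)
    full_names = [n for n in (first + last, last + first) if n]
    if core and (core in (first, last) or any(n in core for n in full_names)):
        return "matches account name"
    if len(password) < MIN_LENGTH:
        return "too short"
    return None


if __name__ == "__main__":
    # Constructed inputs; the first three are the examples from the message.
    for candidate in ("password", "god", "GigsTaggart", "P@ssw0rd1!",
                      "correct horse battery staple"):
        print(repr(candidate), "->", rejection_reason(candidate, "Gigs", "Taggart"))
```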

