NYCPHP Meetup

NYPHP.org

[nycphp-talk] password strength enforcement

Allen Shaw ashaw at iifwp.org
Fri Apr 9 13:29:08 EDT 2004


I'll quote you this from a design doc we're about to implement.  We have
about 5 users now, basically our own internal team, so I did not originally
place much restriction at all on password format.  But we're about to open
big doors, and this is one of the guidelins we're planning to use.  Since we
haven't implemented it, though, I can't tell you how much or little
complaint I get from users about it.

·        A password must meet these criteria:

·        Must contain at least 6 characters

·        Must contain both letters and numbers

·        Must not begin or end with a number

·        May also contain US-English keyboard numbers and letters, spaces,
and any of these characters: ~ ` ! @ # $ % ^ & * ( ) _ - + = | : ; ' " . ,





Jon's point is intriguing, though, and I want to make time to investigate
CrackLib also.

- Allen
----- Original Message ----- 
From: "jon baer" <jonbaer at jonbaer.net>
To: "NYPHP Talk" <talk at lists.nyphp.org>
Sent: Friday, April 09, 2004 12:57 PM
Subject: Re: [nycphp-talk] password strength enforcement


> You should check out the CrackLib functions ...
>
> http://us3.php.net/manual/en/ref.crack.php
>
> - Jon
>

--
===========================================================
Allen Shaw                                  ashaw at iifwp.org
IIFWP Data and
    IT Services                        http://www.iifwp.org




More information about the talk mailing list