NYPHP.org

[nycphp-talk] password strength enforcement

Allen Shaw ashaw at iifwp.org
Tue Apr 13 16:19:36 EDT 2004


Thanks to David for a clear and patient explanation of the practical side of
password strength enforcement.  Reading that sure seemed to be a lot more
useful than all the white papers and RFCs I could read on the topic (and
which I'll probably still read).

And, what a great essay from Clay Shirky.  Worth reading 2 or 3 times.  In
my non-profit world, where the bottom line is not measured in dollars
generated from a generalized customer base, but in serving the needs of an
existing group, this kind of philosophy is exactly what we're already
applying to our software tools, as with most of the other tools and
solutions we use.  It's the reason we have very frequently chosen to roll
our own sometimes clunky solutions, rather than hiring a service or buying
some "super-program" that's bigger, more expensive, and more complex than we
need.

To be honest, I believe the data management app that we're constantly
developing would fail most "Web School" tests of design quality or success,
but it functions well for its intended group, is easy to maintain and
develop, and will probably wind up lasting us for quite a while, as long as
it can change as quickly as our needs do.

Thanks for a great read.

- Allen

> This essay has some interesting points about designing software for
> specific, small, linked-offline communities:
> --> http://www.shirky.com/writings/situated_software.html
>
> Many of the points in there apply to how you make security decisions, too.
>
> David
