Also obviously it is a product of its time, but at some point it might benice to encrypt the passwords and also instead of
emailing forgotten passwords, have a method to reset the password,perhaps with a validation token. --- Synchronet 3.18c-Win32
Re: Password Ideas
By: Michael Long to alt.bbs.synchronet on Thu Oct 15 2020 06:57 am
Also obviously it is a product of its time, but at some point it might be nice to encrypt the passwords and also instead of
emailing forgotten passwords, have a method to reset the password, perhaps with a validation token. --- Synchronet 3.18c-Win32
I'm a bit concerned about the plaintext user password storage as well. But most accounts are created via Telnet which isn't encrypted either... so not sure if its a big win or not. I know Mystic uses PBKDF2 with SHA512-bit hashing.
From Newsgroup: alt.bbs.synchronet
I'd like to suggest maybe not using O/0 and l/1 in the auto-generated passwords, as it can be a bit confusing depending on the terminal/font
Also obviously it is a product of its time, but at some point it might be nice to encrypt the passwords and also instead of emailing forgotten passwords, have a method to reset the password, perhaps with a validation token.
Sysop: | Keyop |
---|---|
Location: | Huddersfield, West Yorkshire, UK |
Users: | 296 |
Nodes: | 16 (2 / 14) |
Uptime: | 46:22:57 |
Calls: | 6,648 |
Files: | 12,198 |
Messages: | 5,329,853 |