Also obviously it is a product of its time, but at some point it might be nice to encrypt the passwords and also instead of
emailing forgotten passwords, have a method to reset the password, perhaps with a validation token. --- Synchronet 3.18c-Win32
Re: Password Ideas
By: Michael Long to alt.bbs.synchronet on Thu Oct 15 2020 06:57 am
Also obviously it is a product of its time, but at some point it might be nice to encrypt the passwords and also instead of
emailing forgotten passwords, have a method to reset the password, perhaps with a validation token. --- Synchronet 3.18c-Win32
I'm a bit concerned about the plaintext user password storage as well. But most accounts are created via Telnet which isn't encrypted either... so not sure if its a big win or not. I know Mystic uses PBKDF2 with SHA512-bit hashing.
From Newsgroup: alt.bbs.synchronet
I'd like to suggest maybe not using O/0 and l/1 in the auto-generated passwords, as it can be a bit confusing depending on the terminal/font
Also obviously it is a product of its time, but at some point it might be nice to encrypt the passwords and also instead of emailing forgotten passwords, have a method to reset the password, perhaps with a validation token.
Sysop: | Gate Keeper |
---|---|
Location: | Shelby, NC |
Users: | 719 |
Nodes: | 20 (0 / 20) |
Uptime: | 101:44:25 |
Calls: | 9,249 |
Calls today: | 28 |
Files: | 5,288 |
D/L today: |
11 files (6,702K bytes) |
Messages: | 466,549 |