Comments on: Creating a better site registration login http://www.adamduvander.com/simple/creating-a-better-site-registration-login Adam DuVander’s thoughts on keeping things simple. Mon, 09 Jan 2012 07:03:40 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: Simplicity Rules » Blog Archive » Security and Privacy versus Simplicity http://www.adamduvander.com/simple/creating-a-better-site-registration-login/comment-page-1#comment-132 Simplicity Rules » Blog Archive » Security and Privacy versus Simplicity Fri, 05 May 2006 18:14:11 +0000 http://yamhill.adamduvander.com/news/creating-a-better-site-registration-login#comment-132 [...] Sometimes we have roadblocks, like security. I have so many site registrations that it can be a lot of work to guess my username and password. As a defense, I know many who have the same login for every site. What would security experts have to say about that? [...] [...] Sometimes we have roadblocks, like security. I have so many site registrations that it can be a lot of work to guess my username and password. As a defense, I know many who have the same login for every site. What would security experts have to say about that? [...]

]]> By: Adam http://www.adamduvander.com/simple/creating-a-better-site-registration-login/comment-page-1#comment-131 Adam Sun, 08 Jan 2006 20:53:00 +0000 http://yamhill.adamduvander.com/news/creating-a-better-site-registration-login#comment-131 I told you I'm not a security expert! This makes some sense, but I'm not so sure it's that big of a leg up, especially given trade-off of the trouble it can give a visitor trying to guess his own credentials. But I guess this is why I'm not in security. <a HREF="http://adamduvander.com/news/2005/11/year-of-optional-registration.html" rel="nofollow">Heck, I don't even want people to register at all</A>. I told you I’m not a security expert! This makes some sense, but I’m not so sure it’s that big of a leg up, especially given trade-off of the trouble it can give a visitor trying to guess his own credentials.

But I guess this is why I’m not in security. Heck, I don’t even want people to register at all.

]]> By: Mike Duffy http://www.adamduvander.com/simple/creating-a-better-site-registration-login/comment-page-1#comment-130 Mike Duffy Sat, 07 Jan 2006 05:44:00 +0000 http://yamhill.adamduvander.com/news/creating-a-better-site-registration-login#comment-130 It's driven by security: if you don't know a valid username, all the passwords in the world (including a correct one) are worthless. If someone is trying a brute force attack on a site, telling them whether they have a valid username is a big leg up, since then you can use a dictionary attack on the password side. It’s driven by security: if you don’t know a valid username, all the passwords in the world (including a correct one) are worthless. If someone is trying a brute force attack on a site, telling them whether they have a valid username is a big leg up, since then you can use a dictionary attack on the password side.

]]>