Title: Password timeout suggestion
Post by: phillipsjk on September 14, 2013, 08:10:27 PM

Hello,

Waiting 45 seconds to re-enter your password can be frustrating. However, today I was busy during those 45 seconds because I entered the password from another website. I was changing my password on the other site.

My suggestion: If the password is incorrect (presumably if the user-name is incorrect too to avoid a distinguishing attack), perhaps the intermediate screen should post suggestions for good security like:

- If you accidentally entered the password from another website, you should go change that password now.
- If your password is on this list (http://daol.aol.com/articles/10-passwords-you-should-never-use/), you should change your password.
- If your password is on this list (http://splashdata.com/press/PR121023.htm), you should change your password.
- You should write your passwords down or keep them in a key-ring. Your passwords should be randomly generated. (This one will be controversial: however, I think advice to never write down passwords results in password re-use or forgotten passwords.)

Edit: Removed Facebook link for top 25 list. I have no idea why a major news organization would link to a Facebook page rather than a press-release. I have one theory: to keep the masses ignorant and dependent on them.

Title: Re: Password timeout suggestion
Post by: b!z on September 15, 2013, 04:25:25 AM

Also do not use the same password on multiple sites. Good point. Never recycle passwords.
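
An added example, not part of the thread or of the forum's software: a sketch of a login check that returns the same wait and the same tips whether the user name or the password was wrong, and does the same hashing work on both paths, so the failure screen cannot be used to tell the two cases apart. The account store, the `login` function and the PBKDF2 parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import os

LOCKOUT_SECONDS = 45  # the wait described in the first post
# Tips drawn from the thread's suggestions; shown on every failed attempt.
TIPS = (
    "If you entered the password from another website, change that password now.",
    "If your password is on a published list of common passwords, change it.",
    "Use randomly generated passwords; write them down or keep them in a key-ring.",
    "Do not use the same password on multiple sites.",
)

def _derive(password, salt):
    # Slow, salted hash (assumed parameters, not the forum's).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _new_record(password):
    salt = os.urandom(16)
    return salt, _derive(password, salt)

# Constructed sample account store (hypothetical user and password).
USERS = {"alice": _new_record("correct horse battery staple")}
# Record checked when the user name is unknown, so both failure paths do
# the same key-derivation work; its password is random and discarded.
_DUMMY = _new_record(os.urandom(16).hex())

def login(username, password):
    known = username in USERS
    salt, stored = USERS[username] if known else _DUMMY
    match = hmac.compare_digest(_derive(password, salt), stored)
    if known and match:
        return {"ok": True, "wait": 0, "tips": ()}
    # Identical body for a bad user name and a bad password.
    return {"ok": False, "wait": LOCKOUT_SECONDS, "tips": TIPS}
```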