digITall

digITall is IT news, discussion and comments from experts in the field for the ones who Dig IT.

I forgot my password

Working with and supporting the IT needs of a large and diverse end user base is always a challenge. Last week, a colleague of mine and I decided to make things easier for both our end users and the help desk.

Since our users are prone to forgetting their passwords and our budget is pretty much NULL, we decided to take matters into our own hands by writing a web-based, self-service password reset program. Such a program will allow our users to reset their passwords on their own.

Believe it or not, one week later, the program is functional. It is definitely not a beauty, but hey, we are techies, not artists. After polishing the code, which by the way was pretty much put together by my colleague, and adding some extra functionality (we love to always add more stuff), we will be ready for the artistic part. For us, that means listening to a bunch of colleagues trying to dissect every word on the web pages, finding 'baby lingo', and adding colors and images.

The finished product's source code will be made available to the world for anyone to improve upon and use for non-commercial purposes.

 

Posted by |-Fidem-|


PassPhrases

The AD "Passwords must meet complexity requirements" is not that bad.

* Not contain significant portions of the user's account name or full name
* Be at least six characters in length
* Contain characters from three of the following four categories:
  * English uppercase characters (A through Z)
  * English lowercase characters (a through z)
  * Base 10 digits (0 through 9)
  * Non-alphabetic characters (for example, !, $, #, %)

The easiest password would contain at least 1 upper, 1 lower and 1 number. This can be easily accomplished with S0ngTitles, Addr3sses, Names/B1rthday, etc ;-) I am with you on passphrases. If our user could only think out of the box ...

Hmm

What's the point of passwords, if they can be easily reset? I'd say loosen up the rules on having to generate an obnoxiously hard password (Must contain upper and lower case, a math formula, and 2 hi-bit ASCII characters). To be honest, pass phrases are probably a better solution. There are advantages to full phrases over words, especially with rainbow tables (lookup tables of pre-calculated password hashes) that revolve around the lanman hashes.
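The complexity rule quoted in the PassPhrases comment, run against the kinds of passwords both comments mention, as an added Python example that is not part of the original post or its comments. The sample user, the sample passwords, and the reading of "significant portions" as any name token of three or more characters are assumptions made for illustration.

```python
import re

# Assumption: name parts are split on these delimiters and only parts of
# three or more characters are compared, case-insensitively.
DELIMS = r"[,\.\-_ #\t]+"

def categories(password):
    """Return the set of character categories present in the password."""
    found = set()
    for ch in password:
        if "A" <= ch <= "Z":
            found.add("upper")
        elif "a" <= ch <= "z":
            found.add("lower")
        elif "0" <= ch <= "9":
            found.add("digit")
        elif not ch.isalpha():
            found.add("other")  # assumption: any non-alphanumeric character
    return found

def name_tokens(account_name, full_name):
    tokens = [account_name] + re.split(DELIMS, full_name)
    return [t.lower() for t in tokens if len(t) >= 3]

def check(password, account_name, full_name):
    """Return the list of rule violations; an empty list means accepted."""
    problems = []
    if len(password) < 6:
        problems.append("shorter than six characters")
    lowered = password.lower()
    hits = [t for t in name_tokens(account_name, full_name) if t in lowered]
    if hits:
        problems.append("contains name part: " + ", ".join(hits))
    if len(categories(password)) < 3:
        problems.append("fewer than three character categories")
    return problems

# Constructed sample passwords; the first two come from the comment above.
SAMPLES = ["S0ngTitles", "Addr3sses", "purple-monkey-dishwasher-lamp",
           "Smith2024!", "aB3"]

def report(account_name="jsmith", full_name="John Smith"):
    """Check every sample against a constructed user (jsmith / John Smith)."""
    return {pw: check(pw, account_name, full_name) for pw in SAMPLES}

if __name__ == "__main__":
    for pw, problems in report().items():
        print(f"{pw!r}: {'accepted' if not problems else '; '.join(problems)}")
```

The short, dictionary-based S0ngTitles is accepted, while the 29-character lowercase passphrase is rejected for having only two character categories.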
