Hacker News
by lbriner 645 days ago
"My theory is if you can’t make a proper login system your skills probably aren’t good enough to deliver on what you’re promising."

Using that logic, I wouldn't trust most websites I visit. Even FAANG companies with their billions can't do certain things properly. Even something really basic like focus the 2FA box when you ask for the code, don't make me have to click on it! Don't stop people pasting passwords, don't limit how long the password can be (within reason), don't say they can't use arbitrary characters like a - because "SQL Injection" and don't invent ridiculous hurdles like adding random digits from a secret word as well as your password. If you are going to do that, just ask for two passwords or tell people if you choose stupid passwords, you will be hacked!

I like the password strength meter that doesn't block passwords that it has mistakenly decided are weak (20 random alphanumerics) but instead estimates how quickly it could be hacked. People don't understand entropy but might understand "hacked in 5 minutes". They also don't want to be told that your password has to be at least 100 characters long with uppers, lowers, numbers, specials, Klingon etc. If your system is that susceptible you are doing it wrong.

1 comment

Don’t look at FAANG as examples, they are usually the leaders in modern day bad UX.