Old 03-23-2011, 08:00 AM  
signupdamnit
Confirmed User
Industry Role:
Join Date: Aug 2007
Posts: 6,697
Instead of long random usernames and passwords you might consider a more hybrid approach. Let the user pick their own unique username. Also allow them to pick their own reasonable password with minimum requirements but add on a second component which is something easily remembered to help ensure it is more secure than a straight user password alone.

User picks "Zygote5" as password. Randomized component is "blue".
Actual Password: "Zygote5-blue"

The second component isn't secure in itself but it adds enough complexity to the user password to make it more difficult to brute force (there are easily over 100,000 usable words) even if the user chosen portion of the password is extremely weak.

The downside is making the user understand that they must enter "Zygote5-blue" and not just "Zygote5" but the key there is informing the user of this in the UI.

Phonetic passwords may actually be a better choice if you insist on random passwords. Other security measures such as captchas coming into play after a bad attempt would also go a long way. There are many possibilities.
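The scheme described in the post above, as an added example in Python (not code from the post or its author): the server picks the appended word with a CSPRNG, stores only a salted hash of the combined string "Zygote5-blue", and counts failed logins so a CAPTCHA step can be required after bad attempts. The word list, the minimum length of the user-chosen part, the separator and the failure threshold are constructed assumptions.

```python
import hashlib
import hmac
import math
import os
import secrets

# Constructed sample list; the post assumes a real list of 100,000+ words.
WORDLIST = ["blue", "maple", "river", "stone", "candle", "orbit", "velvet", "harbor"]
SEPARATOR = "-"                 # assumption: the post's example uses "-"
MIN_USER_PASSWORD_LEN = 6       # assumption: "minimum requirements" for the user part
MAX_FAILED_BEFORE_CHALLENGE = 3 # assumption: CAPTCHA after this many failures

def assign_component(wordlist=WORDLIST):
    """Server-side pick of the appended word; secrets, not random, so it is unpredictable."""
    return secrets.choice(wordlist)

def combine(user_password, component, sep=SEPARATOR):
    """Build the credential the user must actually type, e.g. 'Zygote5-blue'."""
    if len(user_password) < MIN_USER_PASSWORD_LEN:
        raise ValueError("user-chosen part too short")
    return f"{user_password}{sep}{component}"

def added_bits(wordlist_size):
    """Entropy added by one uniformly chosen word from a list of this size."""
    return math.log2(wordlist_size)

def hash_password(full_password, salt=None):
    """Store a salted PBKDF2 digest of the combined string, never the string itself."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", full_password.encode(), salt, 200_000)
    return salt, digest

def verify(full_password, salt, digest):
    """Constant-time comparison of the recomputed digest against the stored one."""
    _, candidate = hash_password(full_password, salt)
    return hmac.compare_digest(candidate, digest)

class LoginGate:
    """Per-username failure counter so a challenge kicks in after bad attempts."""
    def __init__(self):
        self.failures = {}

    def attempt(self, username, supplied, salt, digest):
        if self.failures.get(username, 0) >= MAX_FAILED_BEFORE_CHALLENGE:
            return "challenge_required"   # caller must present a CAPTCHA first
        if verify(supplied, salt, digest):
            self.failures[username] = 0
            return "ok"
        self.failures[username] = self.failures.get(username, 0) + 1
        return "denied"
```

Typing only the user-chosen part ("Zygote5") fails verification, which is exactly the UI point the post makes: the full combined string is the credential.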