Quote:
Originally Posted by MaDalton
Since people tend to use the same passwords everywhere, only one security breach on one site can compromise all other sites where that person signed up. It's pretty common to try out existing user/pass combinations.
Does not prevent posting of user/pass somewhere, but decreases the chances of password hacks.
That's a very good point.
Then again, what is one trying to protect: user stupidity or content of a site the user joins up with? As we all know, "security is a myth". Does one make the user jump through hoops to join, or just let the user in? One can even implement a solution that keeps track of logged-in accounts and denies subsequent logins from the same account if a threshold is met. Then you run into dumb users sharing their logins and not realizing they were stupid, and you have a help desk issue, as Manowar pointed out.
I've got no answers. I just hate auto-generated passes.
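The concurrent-login threshold mentioned in the post above, as an added example that is not part of the original thread. The names `SessionLimiter`, `max_sessions` and `idle_timeout` are hypothetical, and the in-memory store stands in for whatever session backend a site actually uses; idle sessions are expired so that an abandoned login does not lock the account holder out.

```python
import time


class SessionLimiter:
    """Tracks active sessions per account; refuses new logins past a threshold.

    Hypothetical helper for illustration, backed by an in-memory dict.
    """

    def __init__(self, max_sessions=2, idle_timeout=1800, clock=time.monotonic):
        self.max_sessions = max_sessions
        self.idle_timeout = idle_timeout
        self.clock = clock
        self._active = {}  # account -> {session_id: last_seen}

    def _prune(self, account):
        # Drop sessions idle longer than the timeout before counting.
        now = self.clock()
        sessions = self._active.get(account, {})
        for sid in [s for s, seen in sessions.items() if now - seen > self.idle_timeout]:
            del sessions[sid]
        return sessions

    def login(self, account, session_id):
        """Return (allowed, reason); the reason can be shown to the user or help desk."""
        sessions = self._prune(account)
        if session_id in sessions:
            sessions[session_id] = self.clock()
            return True, "refreshed"
        if len(sessions) >= self.max_sessions:
            return False, f"{len(sessions)} sessions already active"
        self._active.setdefault(account, {})[session_id] = self.clock()
        return True, "ok"

    def logout(self, account, session_id):
        self._active.get(account, {}).pop(session_id, None)


def demo():
    # Constructed scenario: two devices, then a third login from a shared copy.
    now = [0.0]
    lim = SessionLimiter(max_sessions=2, idle_timeout=600, clock=lambda: now[0])
    results = [lim.login("alice", sid)[0] for sid in ("laptop", "phone", "shared-copy")]
    now[0] = 700.0  # both earlier sessions are now idle past the timeout
    results.append(lim.login("alice", "shared-copy")[0])
    return results
```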