Fundamentally you want to prevent two major types of attacks:

- Dictionary attacks
- Brute force attacks

To prevent the first, you want to consider passwords containing common words weak. To prevent the second, you want to encourage passwords of reasonable length (8+ characters is common) and with a reasonably large character set (include letters, numbers, and special characters). If you consider lower case and upper case letters to be different, that increases the character set substantially. However, this creates a usability issue for some user communities, so you need to balance that consideration.

A quick Google search turned up solutions that account for brute force attacks (complex password) but not for dictionary attacks. PHP Password Strength Meter from this list of strength checkers (http://www.webresourcesdepot.com/10-password-strength-meter-scripts-for-a-better-registration-interface/) runs the check server-side, so it could be extended to check a dictionary.

EDIT:

By the way... you should also limit the number of login attempts per user. This will make both types of attacks less likely. Effective but not user-friendly is to lock an account after X bad attempts and require a password reset. More user-friendly but more effort is to throttle the time between login attempts. You can also require CAPTCHA (http://www.captcha.net/) after the first few login attempts (which is something that Stack Overflow requires after too many edits, or for very new users).
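The two checks the answer describes (a dictionary lookup, and a brute-force search space derived from length and character set with upper and lower case counted separately), plus the attempt throttling from its EDIT, as an added Python example that is not from the answer or from any linked script; the word list and the 40-bit threshold are constructed assumptions.

```python
import math
import string

# Constructed sample word list; a real deployment would load a full dictionary.
COMMON_WORDS = {"password", "letmein", "welcome", "qwerty", "dragon", "monkey"}
MIN_LENGTH = 8    # the answer's "8+ characters is common"
MIN_BITS = 40.0   # brute-force search-space threshold (assumption, not from the answer)

def charset_size(password: str) -> int:
    """Alphabet size a blind brute force must cover; lower and upper case are separate sets."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 ASCII special characters
    return size

def brute_force_bits(password: str) -> float:
    """log2(charset ** length): how much work a brute-force attack faces."""
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0

def contains_dictionary_word(password: str, words=COMMON_WORDS) -> bool:
    """Dictionary check: case-insensitive, and with digits/symbols stripped so 'Password123!' is caught."""
    lowered = password.lower()
    core = "".join(c for c in lowered if c.isalpha())
    return lowered in words or core in words

def check_password(password: str) -> list[str]:
    """Return the reasons a password is weak; an empty list means it passed both checks."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append("too short")
    if brute_force_bits(password) < MIN_BITS:
        reasons.append("character set too small for its length")
    if contains_dictionary_word(password):
        reasons.append("built around a common word")
    return reasons

def login_delay_seconds(failed_attempts: int, free_attempts: int = 3) -> float:
    """Throttling from the EDIT: no delay for the first few failures, then a doubling wait."""
    if failed_attempts < free_attempts:
        return 0.0
    return float(2 ** (failed_attempts - free_attempts))
```

A dictionary-only word such as "password" fails both checks, while "Password123!" has a large enough search space but is still rejected because its alphabetic core is a common word.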