Cart
|
[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message] Re: RE: Encoding charset of HTTP Basic Authentication
 Pete Cordell scripsit: > I'm surprised I'm in a minority of one on this. I've snipped out lots of > comments in a reply, but my basic position is that we shouldn't be > adopting a "buyer beware" position when it comes to handling passwords > when we know there are better ways to do it, and we have known that for > the best part of a decade. We (if by "we" you mean human beings collectively) have known for decades that two-factor authentication (two of "what you have", "what you know", and "what you are") is the minimum requirement for decent security. In particular passwords are a crappy implementation of "what you know", since people most of the time either don't know them (the post-it on the monitor) or do know them and so can anyone else. -- John Cowan cowan@ccil.org http://www.ccil.org/~cowan Statistics don't help a great deal in making important decisions. Most people have more than the average number of feet, but I'm not about to start a company selling shoes in threes. --Ross Gardler 
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] |
PURCHASE STYLUS STUDIO ONLINE TODAY!Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced! 
Download The World's Best XML IDE!Accelerate XML development with our award-winning XML IDE - Download a free trial today! Subscribe in XML format
|
|||||||||
