Casey K (casey) wrote in lj_dev,

password security inconsistency

Is there a reason that the "password is too easy to guess" dialog box only comes up when logging in from clients such as Semagic or Deepest Sender, and not when logging in to the actual website? I know that it pops up if you update with the web client, but why not at login or even every time you post a comment with an insecure password?

And just to stir the pot a bit more, why the "suggestion" and not just requiring users to change? The FAQ states "Your LiveJournal password must adhere to the following guidelines" but then never does anything more than pop up a box that lots of users get aggravated over and then ignore. It seems like requiring a password change is more secure (and is not unheard of), and even if they complain they will complain, get over it, and everyone can move on. Instead we get people who become "annoyed" with the pop-ups relayed by the clients and, instead of changing their password, stubbornly argue about it over and over.

Sorry if this is a sensitive issue-- I'm not necessarily trying to argue a clear point, just wondering if I missed some sort of previous public policy announcement/discussion about this stuff.
