password security inconsistency: lj_dev

password security inconsistency

Is there a reason that the "password is too easy to guess" dialog box only comes up when logging in from clients such as Semagic or Deepest Sender, and not when logging in to the actual website? I know that it pops up if you update with the web client, but why not at login or even every time you post a comment with an insecure password?

And just to stir the pot a bit more, why the "suggestion" and not just requiring users to change? The FAQ states "Your LiveJournal password must adhere to the following guidelines" but then never does anything more than pop-up a box that lots of users get aggravated over and then ignore. It seems like requiring a password change is more secure (and is not unheard of), and even if they complain they will complain, get over it, and everyone can move on. Instead we get people who become "annoyed" with the pop-ups relayed by the clients and, instead of changing their password, stubbornly argue about it over and over.

Sorry if this is a sensitive issue-- I'm not necessarily trying to argue a clear point, just wondering if I missed some sort of previous public policy announcement/discussion about this stuff.

Post a new comment
Error

Anonymous comments are disabled in this journal
We will log you in after post

We will log you in after post

We will log you in after post

We will log you in after post

We will log you in after post

Anonymously

switch

LiveJournal

Facebook

Twitter

OpenId

Google

MailRu

VKontakte

Anonymously

default userpic

Your reply will be screened

Your IP address will be recorded

Preview comment

Help
30 comments

Post a new comment
30 comments

Log in

password security inconsistency

Error