Just pondering. I failed a login attempt today by accident and found that the AO site gives me a wrong password error. Then I figured what the heck, "I wonder if it gives a failed password error?". To my surprise it does.
Just wondering if anyone has noticed that before? Seeing how AO is a security site to give the "best practice" approach to network security. Anyone see this as an oxymoron considering AO (we) are a security site that prides ourselves in doing the right thing..lol
Please do not take this out of context....just wondering if that can be fixed..lol
September 4th, 2006, 02:33 AM
Let me get this straight.... You think it's a problem that AO tells you you've entered an incorrect password?
User Sends: Incorrect password
User Receives: ERROR: Bad Password
User Sends: Incorrect username
User Receives: ERROR: Bad Username
User Sends: Incorrect username or password
User Receives: ERROR: Login Incorrect
You feel that Scenario 3 is the way to go??? I love when I see security policies like this or people that mention this is bad security.
AO is a public forum.... Anyone can view your username... So if I enter your username and a password... I'm either logged in or it's a bad password... Do you really think that changing the error message provides a level of security greater than already exists? Someone will fail a log in and go oh... it must be the wrong password.. it really doesn't matter what the message says... It's common sense...
September 4th, 2006, 03:56 AM
At least it doesn't say "bad username" when you enter a correct password for an incorrect username :duh:
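The three response scenarios listed in the thread, side by side, as an added example that is not part of any post above. The account store, the function names and the PBKDF2 work factor are assumptions made for the sketch; only the three error strings come from the thread. The generic handler also hashes against a dummy record for unknown usernames, so the single message is not undone by a difference in work done.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this sketch


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_record(password: str):
    salt = os.urandom(16)
    return salt, _hash(password, salt)


# Constructed sample account store: username -> (salt, password hash)
USERS = {"alice": make_record("correct horse")}
# Dummy record: unknown usernames still cost one full hash computation
_DUMMY = make_record("placeholder")


def login_verbose(username: str, password: str) -> str:
    """Scenarios 1 and 2: a separate error for each kind of failure."""
    record = USERS.get(username)
    if record is None:
        return "ERROR: Bad Username"      # confirms the name does not exist
    salt, stored = record
    if not hmac.compare_digest(_hash(password, salt), stored):
        return "ERROR: Bad Password"      # confirms the name does exist
    return "OK"


def login_generic(username: str, password: str) -> str:
    """Scenario 3: one error for any failure, same work on every path."""
    record = USERS.get(username)
    salt, stored = record if record is not None else _DUMMY
    matches = hmac.compare_digest(_hash(password, salt), stored)
    if record is None or not matches:
        return "ERROR: Login Incorrect"
    return "OK"


def responses(login):
    """Run the same three constructed attempts through a login handler."""
    attempts = [("alice", "wrong"), ("nobody", "wrong"),
                ("alice", "correct horse")]
    return [login(user, pw) for user, pw in attempts]
```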