Re: Forbidding Special characters in passwords
In [EMAIL PROTECTED], on 01/16/2007 at 11:05 AM, Dave Reinken [EMAIL PROTECTED] said: A lot of software has trouble with two middle names or initials. When we moved to NY my wife had to get the manager of the DMV over to get her double middle name handled. They initially flat out refused to do it, despite the facts that a) it was on her marriage certificate, b) it was on her AZ driver's license, and c) it was on her social security card. They eventually let her keep it, but made her also use an initial for her first name so that it would all fit in their system. While it's not worth the expense, a writ of mandamus would have fixed it tout suite. -- Shmuel (Seymour J.) Metz, SysProg and JOAT ISO position; see http://patriot.net/~shmuel/resume/brief.html We don't care. We don't have to care, we're Congress. (S877: The Shut up and Eat Your spam act of 2003) -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Forbidding Special characters in passwords
In [EMAIL PROTECTED], on 01/16/2007 at 06:25 PM, R.S. [EMAIL PROTECTED] said: IMHO this is partially on topic. People provide strange names (off-topic) and hwoe they interact with computer systems (ON-TOPIC). AFAIK there is in some countries *official standard* for people's names. That only works for systems targetted to a single country. It solves majority of the problems: And infringes on personal liberty, especially in countries with multiple languages. It's certainly unacceptable in a multicultural society such as what the USA nominally has. -- Shmuel (Seymour J.) Metz, SysProg and JOAT ISO position; see http://patriot.net/~shmuel/resume/brief.html We don't care. We don't have to care, we're Congress. (S877: The Shut up and Eat Your spam act of 2003) -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Forbidding Special characters in passwords
In [EMAIL PROTECTED], on 01/16/2007 at 07:21 PM, Ted MacNEIL [EMAIL PROTECTED] said: BTS (a bit of topic), you know longer have to say 'his(her)', 'his/her', etc. I never had to, and I don't. A few years ago, an English standard of they (he/she) and their (his/her), they, etc. was accepted as inclusive language. It looks odd, at first. The use of they as a singular goes back much farther then the PC nonsense. -- Shmuel (Seymour J.) Metz, SysProg and JOAT ISO position; see http://patriot.net/~shmuel/resume/brief.html We don't care. We don't have to care, we're Congress. (S877: The Shut up and Eat Your spam act of 2003) -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Forbidding Special characters in passwords
Ted MacNEIL wrote: If a customer has incompatible name - *not your problem*. The person should provide how to record his(her) name to standard format. I disagree. That is just another version of making the user conform to IT (a service), rather than IT conforming to the user. Of course you can disagree, but you can complain about government regulations, not on banking system. You can complain TO government, not to your bank. It is convenient for application developers (and whole IT): they should conform to the standard, no less, no more. Obviously, the standard should be flexible enough to accept vast majority of possible names, including some set of foreign ones. However there're names unacceptable to given system. For example, in Poland we don't use 'X' letter, but we accept it because of foreign names. But I'm pretty sure your system cannot accept any russian name, because they use completely different alphabet (cyryllic). Russian *have to* transliterate their names i.e in their passports. -- Radoslaw Skorupka Lodz, Poland -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Forbidding Special characters in passwords
Of course you can disagree, Vehemently! but you can complain about government regulations, not on banking system. You can complain TO government, not to your bank. Since when? I get more response from the bank than the government. It is convenient for application developers (and whole IT): they should conform to the standard, no less, no more. Since when are we in the business of making it convenient for IT? If that is what we are here for, then we are in the wrong industry/business! We are service providers for our company and our customers. NOT for ourselves! . Questions? Concerns? (Screems of Outrage?) -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Forbidding Special characters in passwords
On 17 Jan 2007 01:22:59 -0800, [EMAIL PROTECTED] (R.S.) wrote: However there're names unacceptable to given system. For example, in Poland we don't use 'X' letter, but we accept it because of foreign names. But I'm pretty sure your system cannot accept any russian name, because they use completely different alphabet (cyryllic). Russian *have to* transliterate their names i.e in their passports. Our procedure for sorting was designed for a more limited alphabet as well. I don't know what dictionaries do about sorting upper and lower case words - I imagine they have some rules - but for us to sort mixed case words where we want them to be takes fancy coding (and analysis). Various languages use *almost* our alphabet. When various letter modifiers are part of the word or name, we want a consistent sort - with the accented letter sorted next to that unaccented letter. I've seen names sorted in L, M, Mc/Mac, N order - but not by computers.So far, we have told users to do things our way, partly because we don't want many standards. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Forbidding Special characters in passwords
Let's keep this thread on-topic please. If you wish to discuss M*A*S*H, do it offline. Darren -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Forbidding Special characters in passwords
On 17 Jan 2007 02:17:06 -0800, in bit.listserv.ibm-main (Message-ID:[EMAIL PROTECTED]) [EMAIL PROTECTED] (Ted MacNEIL) wrote: It is convenient for application developers (and whole IT): they should conform to the standard, no less, no more. Since when are we in the business of making it convenient for IT? If that is what we are here for, then we are in the wrong industry/business! We are service providers for our company and our customers. I'm in agreement with Ted. You can read computers for robots in the following quotation: More and more people are being deprived of the power of decision, and being allowed only power of choice among the things robots allow. [...] We don't want our children to limit themselves to wanting what robots can provide! We don't want them shriveling to where they abandon everything robots can't give - or won't! We want them to be men - and women. Not damned automatons who live *by* pushing robot-controls so they can live *to* push robot-controls. - Murray Leinster in the novelette Exploration Team -- I cannot receive mail at the address this was sent from. To reply directly, send to ar23hur at intergate dot com -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Forbidding Special characters in passwords
At 10:48 -0500 on 01/16/2007, Thomas H Puddicombe wrote about Re: Forbidding Special characters in passwords: The assumption that everyone has a first name and middle initial is similarly invalid: J. Paul Getty, J Fred Muggs, J. Edgar Hoover H. G. Wells (although admittedly that is short for Herbert George). -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Forbidding Special characters in passwords
On 12 Jan 2007 23:08:13 -0800, [EMAIL PROTECTED] (Robert A. Rosenberg) wrote: Assuming that everyone on the planet has exactly one middle initial. I remember a case where the program needed to accept NMI (for No Middle Initial). Of course Harry S Truman's middle initial was his middle name. Same thing for the stage name of Michael J Fox (who thought the J in Michael J. Pollard sounded good).But software keeps putting periods after these initials even though they are not abbreviations. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Forbidding Special characters in passwords
-Original Message- From: IBM Mainframe Discussion List On Behalf Of Howard Brazee On 12 Jan 2007 23:08:13 -0800, Robert A. Rosenberg wrote: Assuming that everyone on the planet has exactly one middle initial. I remember a case where the program needed to accept NMI (for No Middle Initial). Indeed, in completing an ATF Form 4473, one is *required* to furnish a middle name even if one has none, or only an initial. Of course Harry S Truman's middle initial was his middle name. Same thing for the stage name of Michael J Fox (who thought the J in Michael J. Pollard sounded good).But software keeps putting periods after these initials even though they are not abbreviations. I know a fellow from high school whose first name is the letter D. There was also a story a few years ago about a man who had his entire name legally changed to the single word Bear. And then there's the fictional B J Honeycutt from M*A*S*H -jc- -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Forbidding Special characters in passwords
On Tue, 16 Jan 2007 09:54:59 -0600, Chase, John [EMAIL PROTECTED] wrote: There was also a story a few years ago about a man who had his entire name legally changed to the single word Bear. There was an article in the early 1970's, I think it was in Computer World, about someone who tried to change his legal name to a four digit number. It was denied and noted that it would cause havoc with computer programs. Then there's the Dead Kennedys band member whose stage name is 6025. Is it Friday yet? -- Tom Marchant -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Forbidding Special characters in passwords
Haven't we beaten this severely off-topic thread to death already? Don Imbriale -Original Message- From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Howard Brazee Sent: Tuesday, January 16, 2007 10:49 AM To: IBM-MAIN@BAMA.UA.EDU Subject: Re: Forbidding Special characters in passwords On 12 Jan 2007 14:02:40 -0800, [EMAIL PROTECTED] (Richard Peurifoy) wrote: Most of the time, but it is amazing how many different spellings our admissions system sees. The student will spell it one way on the SAT, and another way on their application. My spell checker gives one spelling for Shakespeare - but he used a bunch of spellings for his name. I worked for a publisher that had data entry operators enter hand written names.So we had a combination of transcription errors with people writing their names different ways. I know of a married couple named Pat (not Patrick) and Patricia. They don't want software to assume they are one person even though they live at the same address. But my wife uses both of those names for herself. Occasionally we see a formal document and say about someone we know well I didn't know his first name was John. I suppose any correcting system needs to have a way tell it to stop trying to correct a name. Which means we need to include this in its basic design. (Oh, I also like to put multiple e-mail addresses in the e-mail address line - but that rarely works). *** Bear Stearns is not responsible for any recommendation, solicitation, offer or agreement or any information about any transaction, customer account or account activity contained in this communication. *** -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Forbidding Special characters in passwords
--snip- And then there's the fictional B J Honeycutt from M*A*S*H -unsnip IIRC, that was Benjamin James:-) -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Forbidding Special characters in passwords
The assumption that everyone has a first name and middle initial is similarly invalid: J. Paul Getty, J Fred Muggs, J. Edgar Hoover This is a PRIVATE message. If you are not the intended recipient, please delete without copying and kindly advise us by e-mail of the mistake in delivery. NOTE: Regardless of content, this e-mail shall not operate to bind CSC to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose. Howard Brazee [EMAIL PROTECTED] Sent by: IBM Mainframe Discussion List IBM-MAIN@BAMA.UA.EDU 01/16/2007 10:25 AM Please respond to IBM Mainframe Discussion List IBM-MAIN@BAMA.UA.EDU To IBM-MAIN@BAMA.UA.EDU cc Subject Re: Forbidding Special characters in passwords On 12 Jan 2007 23:08:13 -0800, [EMAIL PROTECTED] (Robert A. Rosenberg) wrote: Assuming that everyone on the planet has exactly one middle initial. I remember a case where the program needed to accept NMI (for No Middle Initial). Of course Harry S Truman's middle initial was his middle name. Same thing for the stage name of Michael J Fox (who thought the J in Michael J. Pollard sounded good).But software keeps putting periods after these initials even though they are not abbreviations. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Forbidding Special characters in passwords
On 16 Jan 2007 08:54:19 -0800, [EMAIL PROTECTED] (Tom Marchant) wrote: There was an article in the early 1970's, I think it was in Computer World, about someone who tried to change his legal name to a four digit number. It was denied and noted that it would cause havoc with computer programs. Then there's the Dead Kennedys band member whose stage name is 6025. I don't think one needs to have a computer that accepts The symbol of the person formerly known as 'Prince'. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Forbidding Special characters in passwords
Tom Marchant wrote: On Tue, 16 Jan 2007 09:54:59 -0600, Chase, John [EMAIL PROTECTED] wrote: There was also a story a few years ago about a man who had his entire name legally changed to the single word Bear. There was an article in the early 1970's, I think it was in Computer World, about someone who tried to change his legal name to a four digit number. It was denied and noted that it would cause havoc with computer programs. Then there's the Dead Kennedys band member whose stage name is 6025. Is it Friday yet? IMHO this is partially on topic. People provide strange names (off-topic) and hwoe they interact with computer systems (ON-TOPIC). AFAIK there is in some countries *official standard* for people's names. It solves majority of the problems: your system should be compatible with public standard. If your system is not - your problem. If a customer has incompatible name - *not your problem*. The person should provide how to record his(her) name to standard format. Of course the standard provides many other advantages: COMPATIBILITY. Data interchange does not require truncating, reformatting, etc. Simple is better. I'm not sure whether 6025 is acceptable, but quite realistic names in Poland can be nightmare: Anastazja Konstantynopolitanczykowianeczka-Czestochowska Andrzej Au Marcin Zyps albo Cyps off-topic BTW: I liked Dead Kennedys. It's nice that anybody remembers them g /off topic -- Radoslaw Skorupka Lodz, Poland -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Forbidding Special characters in passwords
On 16 Jan 2007 09:25:12 -0800, [EMAIL PROTECTED] (R.S.) wrote: It solves majority of the problems: your system should be compatible with public standard. If your system is not - your problem. If a customer has incompatible name - *not your problem*. The person should provide how to record his(her) name to standard format. Sometimes.Other times we need to determine whether a name given is the one that matches some other database. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Forbidding Special characters in passwords
From: Howard Brazee [EMAIL PROTECTED] Date: Tue, January 16, 2007 10:25 am Of course Harry S Truman's middle initial was his middle name. Same thing for the stage name of Michael J Fox (who thought the J in Michael J. Pollard sounded good).But software keeps putting periods after these initials even though they are not abbreviations. Well, it is true that the letter S was his middle name, but he did write it with a period, despite it not being an abbreviation. see here: http://www.trumanlibrary.org/letters/de3110p4.gif and here: http://www.trumanlibrary.org/letter/anniv3.jpg A lot of software has trouble with two middle names or initials. When we moved to NY my wife had to get the manager of the DMV over to get her double middle name handled. They initially flat out refused to do it, despite the facts that a) it was on her marriage certificate, b) it was on her AZ driver's license, and c) it was on her social security card. They eventually let her keep it, but made her also use an initial for her first name so that it would all fit in their system. Another problem I have seen is people having more than one title or modifier. Like Joe Johnson, Jr, PhD, Esquire. Also, most people code for Dr. and Mrs., but what about Mr. and Dr. or Dr. and Dr.? -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Forbidding Special characters in passwords
Howard Brazee wrote: On 16 Jan 2007 09:25:12 -0800, [EMAIL PROTECTED] (R.S.) wrote: It solves majority of the problems: your system should be compatible with public standard. If your system is not - your problem. If a customer has incompatible name - *not your problem*. The person should provide how to record his(her) name to standard format. Sometimes.Other times we need to determine whether a name given is the one that matches some other database. Hey - IBM has a solution for you... http://www-306.ibm.com/software/data/globalname/ Tony H. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Forbidding Special characters in passwords
Robert A. Rosenberg wrote: At 12:19 -0500 on 01/10/2007, Kim Goldenberg wrote about Re: Forbidding Special characters in passwords: Because they don't exist on ATMs. If you have a debit/credit card tied to your account and go to an ATM, you can't enter the special characters (perhaps except # and *). ATMs also limit the password lengths, so that the software inside doesn't have to have more buffer space than absolutely necessary. That also probably eliminated upper/lower case differences as well. Quite possibly folds the letters into the appropriate numbers as on the phone. What requires that the password for the Credit/Debit card be the same as that of the Online Account that is is controlled by? My Online banking accounts have totally different passwords from the ones I use at the ATM when I present the card. The ATM wants a NUMERIC PIN while the Online Banking takes an Alphanumeric Password (even if your selected ATM PIN is just the Telephone Pad translation of the Alphanumeric Password for the Online Banking). The bank I use (a nationally known bank) has decided (? by PHBs? ) that you have one pin for everything. That's their choice, not mine. Now, however, you now have a passkey of a picture and a description the you provide and you are required to confirm they match when you log on; kind of like saying are you really __? Not *MY* choice, but theirs. Kim -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Forbidding Special characters in passwords
Kim Goldenberg wrote: however, you now have a passkey of a picture and a description the you provide and you are required to confirm they match when you log on; kind of like saying are you really __? Not *MY* choice, but theirs. this is not for them to authenticate you ... this is supposedly allowing you to authenticate them (aka can they present the correct information you previously provided) i.e. this supposedly is countermeasure to website impersonation (being used for phishing and identity theft). however when this was first being discussed ... the issue of man-in-the-middle attacks was raised ... lots of past posts about real-time man-in-the-middle attacks http://www.garlic.com/~lynn/subintegrity.html#mitm there has been some amount in the news recently about such website MITM exploits showing up (aka the additional website authentication processes aren't actually provide end-to-end authentication and integrity ... and a fraudulent website can still get in the middle ... transparently forwarding information in either direction as needed). the issue somewhat is how do you know that the website that you think you are talking to is really the website you are talking to. this was supposedly one of the vulnerabilities that SSL was suppose to address ... however, there are some number of operational and/or infrastructure vulnerabilities involving SSL that result in not actually achieving the desired goal (which has somewhat given rise to various of this additional countermeasures). recent posts discussing issues about whether the website you thing you are talking to is really the website you are talking to http://www.garlic.com/~lynn/aadsm26.htm#1 Extended Validation - setting the minimum liability, the CA trap, the market in browser governance http://www.garlic.com/~lynn/2006d.html#29 Caller ID spoofing http://www.garlic.com/~lynn/2006s.html#11 Why not 2048 or 4096 bit RSA key issuance? http://www.garlic.com/~lynn/2007.html#7 SSL info collected past posts mentioning SSL http://www.garlic.com/~lynn/subpubkey.html#sslcert some number of past posts discussing infrastructure and process issues with SSL-based domain name certificate infrastructure http://www.garlic.com/~lynn/subpubkey.html#catch22 -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Forbidding Special characters in passwords
If a customer has incompatible name - *not your problem*. The person should provide how to record his(her) name to standard format. I disagree. That is just another version of making the user conform to IT (a service), rather than IT conforming to the user. One of my pet peeves is the fact that a lot of systems change my name from MacNeil to Macneil, and I prefer spelling my name MacNEIL, which is also allowed. BTS (a bit of topic), you know longer have to say 'his(her)', 'his/her', etc. A few years ago, an English standard of they (he/she) and their (his/her), they, etc. was accepted as inclusive language. It looks odd, at first. But, these pronouns/possessives can now be singular or plural. . Questions? Concerns? (Screems of Outrage?) -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Forbidding Special characters in passwords
Anne Lynn Wheeler wrote: there has been some amount in the news recently about such website MITM exploits showing up (aka the additional website authentication processes aren't actually provide end-to-end authentication and integrity ... and a fraudulent website can still get in the middle ... transparently forwarding information in either direction as needed). re: http://www.garlic.com/~lynn/2007b.html#53 Forbidding Special characters in passwords and the other problem with this scheme is that it scales badly (besides not providing end-to-end authentication/integrity and vulnerable to MITM attacks) ... it has effectively the same problems as shared-secret pin/passwords http://www.garlic.com/~lynn/subintegrity.html#secrets if this approach were to catch on ... then if you effectively have scores of unique pin/passwords for every unique security domain ... then you potentially need (to provide and remember) scores of unique images/descriptions for every website. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Forbidding Special characters in passwords
snip-- The assumption that everyone has a first name and middle initial is similarly invalid: J. Paul Getty, J Fred Muggs, J. Edgar Hoover ---unsnip- Jean Paul Getty and John Edgar Hoover chose the names they would be known by. J Fred Muggs was a chimp. First introduced to America by Dave Garroway. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Forbidding Special characters in passwords
In [EMAIL PROTECTED], on 01/15/2007 at 02:42 PM, Tony Harminc [EMAIL PROTECTED] said: added another item to the list, That wasn't clear from the wording. Are you just complaining that I neglected to number it? No, but had you numbered it I would not have interpreted it as a response to the text that you quoted. -- Shmuel (Seymour J.) Metz, SysProg and JOAT ISO position; see http://patriot.net/~shmuel/resume/brief.html We don't care. We don't have to care, we're Congress. (S877: The Shut up and Eat Your spam act of 2003) -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Forbidding Special characters in passwords
There was an entire M*A*S*H episode where Hawkeye tried to find out what the B.J. stood for and was not successful. The final conclusion was that B.J. stood for nearly anything. KenG Rick Fochtman wrote: --snip- And then there's the fictional B J Honeycutt from M*A*S*H -unsnip IIRC, that was Benjamin James:-) -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Forbidding Special characters in passwords
Actually, at the end of the episode it was revealed that BJ didn't really stand for anything. BJ was named for his parents, Bea and Jay Honeycutt. John P Baker -Original Message- From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Ken Gunther Sent: Tuesday, January 16, 2007 8:49 PM To: IBM-MAIN@BAMA.UA.EDU Subject: Re: Forbidding Special characters in passwords There was an entire M*A*S*H episode where Hawkeye tried to find out what the B.J. stood for and was not successful. The final conclusion was that B.J. stood for nearly anything. KenG Rick Fochtman wrote: --snip- And then there's the fictional B J Honeycutt from M*A*S*H -unsnip IIRC, that was Benjamin James:-) -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Forbidding Special characters in passwords
Shmuel Metz wrote: at 04:06 PM, Tony Harminc said: Assuming that everyone on the planet has exactly one middle initial. No; read what I wrote. He knows how to spell his *own* name; he may or may not know how to spell someone else's name that sounds similar. That doesn't depend on the existence or number of middle initials. What do you mean no? I read what you wrote, and added another item to the list, which seems also to have been encountered by several other list readers . Are you just complaining that I neglected to number it? Tony H. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Forbidding Special characters in passwords
-snip--- I was irritated with my discharge papers, truncating the III in Howard John Brazee III, which made them look like my Dad's discharge. ---unsnip--- Same happened to me, Howard. Richard Angus Fochtman is my Dad's name; I'm a Junior. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Forbidding Special characters in passwords
In [EMAIL PROTECTED], on 01/12/2007 at 04:06 PM, Tony Harminc [EMAIL PROTECTED] said: Assuming that everyone on the planet has exactly one middle initial. No; read what I wrote. He knows how to spell his *own* name; he may or may not know how to spell someone else's name that sounds similar. That doesn't depend on the existence or number of middle initials. -- Shmuel (Seymour J.) Metz, SysProg and JOAT ISO position; see http://patriot.net/~shmuel/resume/brief.html We don't care. We don't have to care, we're Congress. (S877: The Shut up and Eat Your spam act of 2003) -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Forbidding Special characters in passwords
The first longer stay I had in IBM Poughkeepsie was to write a redbook about SMP4 and MVS repackaging (must have been the SUs at that time). I was located in the World Trade System Center (Route 55). It took a few weeks before our so called 'world-trade' team realized that there was no techie IBMer with initials BXH in Building 706 with the same problems as we had - just a secretary typing up my problem reports. Birger Heede IBM Denmark Tony Harminc wrote: Shmuel Metz (Seymour J.) wrote: 9. Not allowing special characters in personal names, e.g., 't Hooft. The customer knows better than you do how to spell his own name. Assuming that everyone on the planet has exactly one middle initial. Tony M. F. H. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Forbidding Special characters in passwords
Paul Gilmartin wrote: Yes, but please don't take the behavior of RACF as Divine mandate. I interpreted the OP's intention as, I am constantly amazed at the number of sites [and security products such as RACF] which FORBID the use of special characters in passwords and userid's. ... The rationale of design decisions made by RACF is subject to question as the rationale of any site's local decision. In fact, plausible rationales for RACF's choice have appeared elsewhere in this thread. -- gil One password policy per site or enterprise is not a very good idea from a security standpoint. Many products with user repositories (such as RACF) have their own restrictions and using the least common denominator does not improve overall security in any way. Then, different products have very different security requirements. A product like RACF which has a tightly controlled and protected repository and a rather low limit on the number of allowed false password attempts can tolerate shorter passwords with less stringent requirements than a product with a repository that can easily be accessed, copied, and attacked off-line. Other example: ATM cards can be secure with 4-digit PINs, an encrypted file where the key is derived from a password requires long and complex passwords. So, the password policy very much depends on what the password is used for. There is an excellent article and discussion on this topic currently going on in Bruce Schneier's blog, see: http://www.schneier.com/blog/archives/2007/01/choosing_secure.html -- Ulrich Boche SVA GmbH, Germany IBM Premier Business Partner -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Forbidding Special characters in passwords
On Fri, 12 Jan 2007 12:34:59 +0100, Ulrich Boche wrote: Snip! http://www.schneier.com/blog/archives/2007/01/choosing_secure.html Interesting. I see that it says this: Good encryption software doesn't use your password as the encryption key. That's what RACF does. -- Tom Marchant -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Forbidding Special characters in passwords
On 1/12/2007 11:02 AM, Tom Marchant wrote: On Fri, 12 Jan 2007 12:34:59 +0100, Ulrich Boche wrote: Snip! http://www.schneier.com/blog/archives/2007/01/choosing_secure.html Interesting. I see that it says this: Good encryption software doesn't use your password as the encryption key. That's what RACF does. Not precisely, but certainly the transformation we use is not one that would significantly delay a password guessing program. However, when Bruce talks about how PGP or PasswordSafe transform the password in a way that increases the guessing time, note that the need for that should be less with RACF than with PGP or PasswordSafe. With RACF the database is in a much more protected location, than the database for PGP or PasswordSafe, and therefore the chances of someone gaining access to the database (needed for the offline guessing attack) is much less. Walt Farrell, CISSP z/OS Security Design, IBM -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Forbidding Special characters in passwords
On Fri, 12 Jan 2007 11:19:42 -0500, Walt Farrell [EMAIL PROTECTED] wrote: On 1/12/2007 11:02 AM, Tom Marchant wrote: On Fri, 12 Jan 2007 12:34:59 +0100, Ulrich Boche wrote: Snip! http://www.schneier.com/blog/archives/2007/01/choosing_secure.html Good encryption software doesn't use your password as the encryption key. That's what RACF does. Not precisely, but certainly the transformation we use is not one that would significantly delay a password guessing program. Ok, I stand corrected. I've seen it posted here that RACF uses the password as a key to encrypt the userid. It seemed like a good technique to me. I was surprised at Mr. Schneier's comment quoted above. -- Tom Marchant -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Forbidding Special characters in passwords
On 1/12/2007 12:21 PM, Tom Marchant wrote: On Fri, 12 Jan 2007 11:19:42 -0500, Walt Farrell [EMAIL PROTECTED] wrote: On 1/12/2007 11:02 AM, Tom Marchant wrote: On Fri, 12 Jan 2007 12:34:59 +0100, Ulrich Boche wrote: Snip! http://www.schneier.com/blog/archives/2007/01/choosing_secure.html Good encryption software doesn't use your password as the encryption key. That's what RACF does. Not precisely, but certainly the transformation we use is not one that would significantly delay a password guessing program. Ok, I stand corrected. I've seen it posted here that RACF uses the password as a key to encrypt the userid. It seemed like a good technique to me. I was surprised at Mr. Schneier's comment quoted above. For practical purposes, it's correct to say the password is the key. It is somewhat transformed, but (as I mentioned) not enough to significantly delay password guessing. But again, that's only a problem if a hacker gains access to an unencrypted copy of the database. Walt Farrell, CISSP z/OS Security Design, IBM -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Forbidding Special characters in passwords
Tom Marchant wrote: Ok, I stand corrected. I've seen it posted here that RACF uses the password as a key to encrypt the userid. It seemed like a good technique to me. I was surprised at Mr. Schneier's comment quoted above. unix password file is publicly readable ... and used a similar technique to obfuscate the password. however an attack was to get a copy of the password file ... and run thru all the password guesses, doing the transformation on each password guess ... and compare it with what was in the file. That was why it was called password guessing ... since you just couldn't take the password directly from the file. the countermeasure is the shadow password file ... the publicly readable password file was retained ... but with the password field dummied out ... and the password file with the actual (obfuscated) passwords were hidden away someplace. the real countermeasure is to make it as hard as possible to obtain the password file (making it more difficult to efficiently run the guessing process). The password obfuscation technique is decades old countermeasure predating efficient, automated guessing strategies. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Forbidding Special characters in passwords
In [EMAIL PROTECTED], on 01/10/2007 at 10:12 AM, Howard Brazee [EMAIL PROTECTED] said: 2. Not accepting 8 digit zip codes. ITYM 9 digit (ZIP+4). 5. Not accepting hyphens in SSN's and telephone numbers, and not accepting parentheses around areas codes. 6. Not accepting all valid characters in e-mail addresses, per RFC 2822. In particular, not accepting plus and minus. 7. Bloated web pages, requiring plugins and setting cookies with long expiration periods. 8. Requiring specific browsers. 9. Not allowing special characters in personal names, e.g., 't Hooft. The customer knows better than you do how to spell his own name. -- Shmuel (Seymour J.) Metz, SysProg and JOAT ISO position; see http://patriot.net/~shmuel/resume/brief.html We don't care. We don't have to care, we're Congress. (S877: The Shut up and Eat Your spam act of 2003) -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Forbidding Special characters in passwords
Shmuel Metz (Seymour J.) wrote: 9. Not allowing special characters in personal names, e.g., 't Hooft. The customer knows better than you do how to spell his own name. Assuming that everyone on the planet has exactly one middle initial. Tony M. F. H. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Forbidding Special characters in passwords
Assuming that everyone on the planet has exactly one middle initial. An example, my younger son's name is: Cameron Taylor Kenneth MacNEIL . Questions? Concerns? (Screems of Outrage?) -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Forbidding Special characters in passwords
On 12 Jan 2007 13:06:56 -0800, [EMAIL PROTECTED] (Tony Harminc) wrote: Assuming that everyone on the planet has exactly one middle initial. Tony M. F. H. I was irritated with my discharge papers, truncating the III in Howard John Brazee III, which made them look like my Dad's discharge. In around 1969 I read a book where the main character had a long hyphenated name. Computers couldn't handle it. The protagonist was irritated enough to come up with a bug that ate computer tapes. This ended up being good - environmentalists were happy with his discovery. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Forbidding Special characters in passwords
On 12 Jan 2007 13:14:07 -0800, [EMAIL PROTECTED] (Ted MacNEIL) wrote: Assuming that everyone on the planet has exactly one middle initial. An example, my younger son's name is: Cameron Taylor Kenneth MacNEIL Ahh, mixed case names. Or last names with spaces in them. Or moving Jr. or III or IV around. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Forbidding Special characters in passwords
In around 1969 I read a book where the main character had a long hyphenated name The Man Whose Name Wouldn't Fit. I read it, too. . Questions? Concerns? (Screems of Outrage?) -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Forbidding Special characters in passwords
Shmuel Metz , Seymour J. wrote: 9. Not allowing special characters in personal names, e.g., 't Hooft. The customer knows better than you do how to spell his own name. Most of the time, but it is amazing how many different spellings our admissions system sees. The student will spell it one way on the SAT, and another way on their application. It becomes quit a challenge to match up which test scores go with which applications. They try to use birth dates, addresses, SSN's, and any other info they have. Sometime they can't match them at all, and sometimes two students get combined. We have seen names spelled differently with different SSN's supplied, and different addresses that turn out to be the same person. -- Richard -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Forbidding Special characters in passwords
At 16:06 -0500 on 01/12/2007, Tony Harminc wrote about Re: Forbidding Special characters in passwords: Assuming that everyone on the planet has exactly one middle initial. I remember a case where the program needed to accept NMI (for No Middle Initial). -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Forbidding Special characters in passwords
At 12:19 -0500 on 01/10/2007, Kim Goldenberg wrote about Re: Forbidding Special characters in passwords: Because they don't exist on ATMs. If you have a debit/credit card tied to your account and go to an ATM, you can't enter the special characters (perhaps except # and *). ATMs also limit the password lengths, so that the software inside doesn't have to have more buffer space than absolutely necessary. That also probably eliminated upper/lower case differences as well. Quite possibly folds the letters into the appropriate numbers as on the phone. What requires that the password for the Credit/Debit card be the same as that of the Online Account that is is controlled by? My Online banking accounts have totally different passwords from the ones I use at the ATM when I present the card. The ATM wants a NUMERIC PIN while the Online Banking takes an Alphanumeric Password (even if your selected ATM PIN is just the Telephone Pad translation of the Alphanumeric Password for the Online Banking). -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Forbidding Special characters in passwords
At 10:12 -0700 on 01/10/2007, Howard Brazee wrote about Re: Forbidding Special characters in passwords: I'm amazed about the number of sites that believe that the consumers should do things their way.Some other examples include: 1. Not accepting spaces in credit card numbers (there's a reason they are on the cards). You leave room for the spaces and do a regexp to remove them as well as non numerics and then check the length. Another method is to use boxes of the correct lengths and auto-tab as the box fills. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Forbidding Special characters in passwords
At 08:50 -0800 on 01/10/2007, John Mattson wrote about Forbidding Special characters in passwords: I am constantly amazed at the number of sites which FORBID the use of special characters in passwords and userid's. And by the sites which LIMIT the length of passwords and userid's. Since the number of possible combinations increases exponentially with the possibe values for each character and the number of characters, I cannot fathom why they impose such limits. Accept a reasonable length password/phrase and then Hash it (such as with MD5 with creates a 16 Byte Hash value). To verify the correct entry, you just accept it again, Hash, and compare the two Hashes. There is no need to ever store the original password. If you want to keep the 8 Byte PW Length, just XOR the first 8 Bytes with the second 8 Bytes. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Forbidding Special characters in passwords
In a recent note, Ulrich Boche said: Date: Thu, 11 Jan 2007 00:00:52 +0100 [EMAIL PROTECTED] wrote: I am constantly amazed at the number of sites which FORBID the use of special characters in passwords and userid's. ... Well, RACF for example doesn't allow special characters (apart from $, #, and @) in passwords. This makes it very difficult for any site to allow such characters if the user repository is RACF (or Top Secret or ACF/2). Yes, but please don't take the behavior of RACF as Divine mandate. I interpreted the OP's intention as, I am constantly amazed at the number of sites [and security products such as RACF] which FORBID the use of special characters in passwords and userid's. ... The rationale of design decisions made by RACF is subject to question as the rationale of any site's local decision. In fact, plausible rationales for RACF's choice have appeared elsewhere in this thread. -- gil -- StorageTek INFORMATION made POWERFUL -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Forbidding Special characters in passwords
I am constantly amazed at the number of sites which FORBID the use of special characters in passwords and userid's. And by the sites which LIMIT the length of passwords and userid's. Since the number of possible combinations increases exponentially with the possibe values for each character and the number of characters, I cannot fathom why they impose such limits. But they do on such financial sites as Vanguard Mutual Funds, Scottrade, and World Savings. I eMail them regularly and complain, but I have seen no changes so far. There may be a case for forbidding certain special characters, and I think that requiring special characters might be counter productive, but I cannot see any logical reason for completely forbidding them. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Forbidding Special characters in passwords
On 10 Jan 2007 08:50:58 -0800, [EMAIL PROTECTED] wrote: I am constantly amazed at the number of sites which FORBID the use of special characters in passwords and userid's. And by the sites which LIMIT the length of passwords and userid's. Since the number of possible combinations increases exponentially with the possibe values for each character and the number of characters, I cannot fathom why they impose such limits. But they do on such financial sites as Vanguard Mutual Funds, Scottrade, and World Savings. I eMail them regularly and complain, but I have seen no changes so far. There may be a case for forbidding certain special characters, and I think that requiring special characters might be counter productive, but I cannot see any logical reason for completely forbidding them. I'm amazed about the number of sites that believe that the consumers should do things their way.Some other examples include: 1. Not accepting spaces in credit card numbers (there's a reason they are on the cards). 2. Not accepting 8 digit zip codes. 3. Not accepting complex names with mixed case letters. 4. Making it extremely difficult to get help. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Forbidding Special characters in passwords
John Mattson wrote: I am constantly amazed at the number of sites which FORBID the use of special characters in passwords and userid's. And by the sites which LIMIT the length of passwords and userid's. Since the number of possible combinations increases exponentially with the possibe values for each character and the number of characters, I cannot fathom why they impose such limits. But they do on such financial sites as Vanguard Mutual Funds, Scottrade, and World Savings. I eMail them regularly and complain, but I have seen no changes so far. There may be a case for forbidding certain special characters, and I think that requiring special characters might be counter productive, but I cannot see any logical reason for completely forbidding them. Because they don't exist on ATMs. If you have a debit/credit card tied to your account and go to an ATM, you can't enter the special characters (perhaps except # and *). ATMs also limit the password lengths, so that the software inside doesn't have to have more buffer space than absolutely necessary. That also probably eliminated upper/lower case differences as well. Quite possibly folds the letters into the appropriate numbers as on the phone. Kim Goldenberg -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Forbidding Special characters in passwords
A huge technical reason is that many such characters are not encoded the same on different platforms. Character translations occur all over the place. Another reason could be that complex passwords have not been shown to add value. In fact, I have seen one study (I wish I could recall the source) that suggests that simpler is better. -Original Message- From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of John Mattson Sent: Wednesday, January 10, 2007 10:51 AM To: IBM-MAIN@BAMA.UA.EDU Subject: Forbidding Special characters in passwords I am constantly amazed at the number of sites which FORBID the use of special characters in passwords and userid's. And by the sites which LIMIT the length of passwords and userid's. Since the number of possible combinations increases exponentially with the possibe values for each character and the number of characters, I cannot fathom why they impose such limits. But they do on such financial sites as Vanguard Mutual Funds, Scottrade, and World Savings. I eMail them regularly and complain, but I have seen no changes so far. There may be a case for forbidding certain special characters, and I think that requiring special characters might be counter productive, but I cannot see any logical reason for completely forbidding them. NOTICE: This electronic mail message and any files transmitted with it are intended exclusively for the individual or entity to which it is addressed. The message, together with any attachment, may contain confidential and/or privileged information. Any unauthorized review, use, printing, saving, copying, disclosure or distribution is strictly prohibited. If you have received this message in error, please immediately advise the sender by reply email and delete all copies. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Forbidding Special characters in passwords
On 1/10/2007 12:14 PM, Howard Brazee wrote: I'm amazed about the number of sites that believe that the consumers should do things their way.Some other examples include: ...snipped... 2. Not accepting 8 digit zip codes. I didn't know there were any valid 8-digit zip codes. 5, or 9, yes. But 8? Walt -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Forbidding Special characters in passwords
On Wed, 10 Jan 2007 12:45:29 -0500, Walt Farrell [EMAIL PROTECTED] wrote: On 1/10/2007 12:14 PM, Howard Brazee wrote: I'm amazed about the number of sites that believe that the consumers should do things their way.Some other examples include: ...snipped... 2. Not accepting 8 digit zip codes. I didn't know there were any valid 8-digit zip codes. 5, or 9, yes. But 8? A zip code is a the equivalent to a postcode in the UK which can be anything from 5 to 7 characters. Worldwide they vary: http://en.wikipedia.org/wiki/List_of_postal_codes Seb. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Forbidding Special characters in passwords
On 10 Jan 2007 09:46:04 -0800, [EMAIL PROTECTED] (Walt Farrell) wrote: 2. Not accepting 8 digit zip codes. I didn't know there were any valid 8-digit zip codes. 5, or 9, yes. But 8? Oops, not in the US. (If you want foreign business, know about foreign address standards). How about 10 characters - as in 80026-2895?A user friendly interface should accept that. The days of us giving everybody the same report and telling our users to learn to read it are numbered.Now our customers include the general public and they aren't interested in doing things my way. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Forbidding Special characters in passwords
On 1/10/2007 12:53 PM, Sebastian Welton wrote: On Wed, 10 Jan 2007 12:45:29 -0500, Walt Farrell [EMAIL PROTECTED] wrote: On 1/10/2007 12:14 PM, Howard Brazee wrote: I'm amazed about the number of sites that believe that the consumers should do things their way.Some other examples include: ...snipped... 2. Not accepting 8 digit zip codes. I didn't know there were any valid 8-digit zip codes. 5, or 9, yes. But 8? A zip code is a the equivalent to a postcode in the UK which can be anything from 5 to 7 characters. Worldwide they vary: Yes, I know that other countries have different formats, but I would expect anything wanting a zip code to want a US code. In my (admittedly limit4ed) experience sites that accept non-US addresses label the field differently, or have a separate field. That helps in verifying validity, for the cases where validation is possible. I could understand it if Howard had complained about sites that require US addresses (but there the argument is probably that they don't want to have to pay international postage, or recognize that they need to do so). Walt -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Forbidding Special characters in passwords
Please tell that to the automobile insurance companies. Last time I looked, they were still using their indecipherable coverage codes to report policy options (well, Geico was at least). Usually something along the lines of AX4T90F1PE with 5 pages explaining what each character and position represents. Howard Brazee wrote in message news:[EMAIL PROTECTED]... The days of us giving everybody the same report and telling our users to learn to read it are numbered. Now our customers include the general public and they aren't interested in doing things my way. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html