Re: [PHP] e-Commerce password standards?
At 2:45 PM -0500 8/18/06, Richard Lynch wrote: I've searched some of the obvious candidates, found nothing much, and am in the process of determining at least some of the basic "rules" for other similar sites. Richard: I'm sure you Googled for this, but "password strength" brought up some interesting results. The most interesting/informative for me was: http://www.securitystats.com/tools/password.php I think the site is a bit dated, but it's good information. To force your users to have a "secure" password, you could provide tools to help them, such as a password generator (one that would suit your security concerns) or provide a "strength meter" and then only accept those with the appropriate strengths. I have code, but some might refer to it as kiddy-script caliber. Please let me know if I can help. tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] e-Commerce password standards?
My boss has asked me to seek out any reputable Standards-based documentation for end-user passwords for an e-commerce site. In particular, this site allows users to login with username/password and order food with their credit card on file. So we want to force them to use "suitable" passwords on their accounts. I've searched some of the obvious candidates, found nothing much, and am in the process of determining at least some of the basic "rules" for other similar sites. Of course, some of the rules might be like: If they haven't logged in for over 6 months then blah blah blah. I'm not going to be able to determine that in a realistic time-frame. Is there any sort of guide-line documentation maintained out there for specifc use-cases? Obviously the use-case of the password matters a great deal -- an ecommerce site minimum standard is hopefully more stringent than some stupid blog or something... But surely the Banks aren't all just making up their own rules as they go, are they?... -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php