mouse
Premium
join:2007-03-29
australia
| Password Generation and exclusion of certain letters/digits
We are running a website that provides for a password forgotten service. A new password is being generated to get the customer back in. Unfortunately some of the passwords are difficult to read/interpret with certain letters/digits looking very similar (1,l,L,i,I,J,0 and O) especially depending on the font used by the recipient.
Just wondering how difficult it is to change the output for password generation to exclude those letters and digits? |
|
JAAulde
yum yum yum yum yum
Premium,MVM
join:2001-05-09
Hagerstown, MD
| said by mouse  :We are running a website that provides for a password forgotten service. A new password is being generated to get the customer back in. Unfortunately some of the passwords are difficult to read/interpret with certain letters/digits looking very similar (1,l,L,i,I,J,0 and O) especially depending on the font used by the recipient. Just wondering how difficult it is to change the output for password generation to exclude those letters and digits? Let me load up my telepathic interpreter.....darn, 'tis busted.  I guess you'll just have to tell us what software/language/etc is involved.
--
No eat apple, eat cookie. Apple spoil dinner.
My Development Sandbox | LinkedIn Profile |
|
dave
Premium,MVM
join:2000-05-04
not in ohio | reply to mouse
No harder than writing the password generator in the first place, except you don't put as many characters in its alphabet. |
|
csiemers
join:2000-09-16
Portland, OR
| reply to mouse
I use an array that has all the characters that I want an initial password to have, excluding the ones in your list. Then it's a matter of randomly picking out characters from that array to build a password.
--
»www.wwiivehicles.com
World War II Vehicles and Advanced Squad Leader |
|
Gomez
Been drinking brew for breakfast?
Premium,Mod
join:2001-02-21
Atlanta, GA
clubs:
1 edit | reply to mouse
Language, platform, frameworks might be useful here..
I can give you a grails 3 line solution, but have no clue if it's remotely useful. |
|
yock
TFTC
Premium
join:2000-11-21
Fairfield, OH | reply to mouse
This seems like the wrong solution to me. Why not simply recommend through your documentation that users use serif fonts?
--
Have more fun with your GPS.
Geocaching.com |
|
Steve
I'm a PC, so shut up
Consultant
join:2001-03-10
Yorba Linda, CA
| said by yock :This seems like the wrong solution to me. Why not simply recommend through your documentation that users use serif fonts? Which would you rather provide tech support for:
a) forgotten-password link that avoids troublesome characters
b) "How do I change the fonts in my UnknownMail client?"
Corollary to (b): wanna teach my grandmother to change fonts on her browser? |
|
nixen
Rockin' the Boxen
Premium
join:2002-10-04
Alexandria, VA
 ·Cox HSI
 ·Speakeasy
| said by Steve :said by yock :This seems like the wrong solution to me. Why not simply recommend through your documentation that users use serif fonts? Which would you rather provide tech support for: a) forgotten-password link that avoids troublesome characters b) "How do I change the fonts in my UnknownMail client?" Corollary to (b): wanna teach my grandmother to change fonts on her browser? Two possibilities: 1) set your display page's FONT attributes to instruct the user's browser to render a Serif-based font; and/or, 2) put instructions in to use cut-n-paste to load the temporary password into the client's connect info.
--
The trouble with the world is that the stupid are cocksure and the intelligent are full of doubt. -- Bertrand Russell |
|
Steve
I'm a PC, so shut up
Consultant
join:2001-03-10
Yorba Linda, CA
| said by nixen : Two possibilities: 1) set your display page's FONT attributes to instruct the user's browser to render a Serif-based font; and/or, 2) put instructions in to use cut-n-paste to load the temporary password into the client's connect info. The former is not universally reliable, and the latter is just more stuff to support.
Friedl's rule: the best tech support is that which is not necessary
Steve
--
Stephen J. Friedl | Unix Wizard | Microsoft Security MVP | Orange County, California USA | my web site |
|
nixen
Rockin' the Boxen
Premium
join:2002-10-04
Alexandria, VA
·Cox HSI
·Speakeasy
| said by Steve :said by nixen : Two possibilities: 1) set your display page's FONT attributes to instruct the user's browser to render a Serif-based font; and/or, 2) put instructions in to use cut-n-paste to load the temporary password into the client's connect info. The former is not universally reliable, and the latter is just more stuff to support. If your users are still using IE5, then *ANYTHING* you do is going to be a support nightmare.
said by Steve :Friedl's rule: the best tech support is that which is not necessary Corollary: the best way to cut down on need for tech support is to install fatal auto-LARTs.
--
The trouble with the world is that the stupid are cocksure and the intelligent are full of doubt. -- Bertrand Russell |
|
dave
Premium,MVM
join:2000-05-04
not in ohio
·Verizon Online DSL
 ·Verizon FIOS
| reply to Steve
Naturally, DEC was there first.
»en.wikipedia.org/wiki/Digital_Eq···necdotes
In 1960, DEC engineers realized that in specifying connectors on a frame, where numbers mark the card slot locations and letters mark the connectors on individual cards, some letters cause confusion. Thus the letters G, I, O, and Q were dropped to avoid confusion with C, 1, and 0. The remaining 22 letters were since known as the DEC alphabet[citation needed]. (Actually, we called it the DEC Hardware Alphabet). |
|
dave
Premium,MVM
join:2000-05-04
not in ohio
·Verizon Online DSL
·Verizon FIOS
| reply to yock
said by yock :This seems like the wrong solution to me. Why not simply recommend through your documentation that users use serif fonts? Because it takes longer to write the documentation than to make such a trivial code change? |
|
