And would mean a lot users wont register as they dont want to wait for 15 seconds.Nuisance Value wrote:Putting that up in large letters with a count down, i.e. 15 seconds before the user is allowed to move on to the next stage of his/her registration, would avoid unpleasantness latter on...
[RFC] Use password_hash
Re: [RFC] Use password_hash
Re: [RFC] Use password_hash
Why? To make them read text they don't want to read? That won't help anyone. People won't read that wall of text just like they don't read agreements when installing any software, 15 sec delay will only annoy them and give them plenty of time to reconsider registering.Nuisance Value wrote:Putting that up in large letters with a count down, i.e. 15 seconds before the user is allowed to move on to the next stage of his/her registration, would avoid unpleasantness latter on...
99% of users (made up number based on my experience) don't even want to know about password hashing. There is no point in showing that text.
Formerly known as CyberAlien.
Free phpBB styles | Premium responsive XenForo styles | Iconify - modern open source replacement for glyph fonts
Free phpBB styles | Premium responsive XenForo styles | Iconify - modern open source replacement for glyph fonts
- imkingdavid
- Registered User
- Posts: 1050
- Joined: Thu Jul 30, 2009 12:06 pm
Re: [RFC] Use password_hash
How about a little (?) icon with mouseover text that contains password complexity requirements and information about password storage? A time limit I agree is not a good idea. I'm not likely to register at a place that makes me wait, especially something like 15 seconds.
- Pony99CA
- Registered User
- Posts: 986
- Joined: Sun Feb 08, 2009 2:35 am
- Location: Hollister, CA
- Contact:
Re: [RFC] Use password_hash
Let's not be as verbose as Nuisance Value suggests or have a countdown timer. That would only have, well, nuisance value.
The registration E-mail sent (at least if user activation is on) includes the following (emphasis added by me):
To remember passwords, get a good password manager (I use eWallet, but there's also LastPass and KeePass, I believe).
Steve
The registration E-mail sent (at least if user activation is on) includes the following (emphasis added by me):
If you want to move that up or reword it, you can easily change the letter text to do that.Your password has been securely stored in our database and cannot be retrieved. In the event that it is forgotten, you will be able to reset it using the email address associated with your account.
To remember passwords, get a good password manager (I use eWallet, but there's also LastPass and KeePass, I believe).
Steve
Silicon Valley Pocket PC (http://www.svpocketpc.com)
Creator of manage_bots and spoof_user (ask me)
Need hosting for a small forum with full cPanel & MySQL access? Contact me or PM me.
Creator of manage_bots and spoof_user (ask me)
Need hosting for a small forum with full cPanel & MySQL access? Contact me or PM me.
Re: [RFC] Use password_hash
We are replacing password hashing with a patch based on the proposal [RFC]More secure password hashing, so I'm moving this one to rejected RFCs.