authentication – “Username and/or Password Invalid” – Why do websites show this kind of message instead of informing the user which one was wrong?

The Question: 106 people think this question is useful

Let's say a user is logging into a typical site, entering their username and password, and they mistype one of their inputs. I have noticed that most, if not all, sites show the same message (something along the lines of, “Invalid username or password”) despite

entropy – Password rules: Should I disallow “leetspeak” dictionary passwords like XKCD’s Tr0ub4dor&3

The Question: 118 people think this question is useful

TLDR: We already require two-factor authentication for some users. I’m hashing, salting, and doing things to encourage long passphrases. I’m not interested in the merits of password complexity rules in general. Some of this is required by law, and some of it is required by