Dear websites
Jun. 13th, 2012 10:55 am

To many people, "alphanumeric" means "containing ONLY letters and numbers" not "containing AT LEAST BOTH OF letters and numbers". I can see where that usage comes from: yes, abc123 is arguably more alphanumeric than abcdef in a metaphorical sort of way.
But I'm not sure "ooh, long scary word, that'll make unsophisticated users randomly guess secure passwords" is the right way of explaining things.
Also, I'm pretty sure non-alphanumeric characters are generally better (with the possible exception of counting spaces/hyphens/underscores as letters). The advice to use letters and numbers in your password could be more accurately phrased as "don't use a password consisting entirely of letters, or entirely of numbers". If someone uses a password composed entirely of letters and non-alphanumeric characters, that's probably BETTER than one containing at least 1 digit.
Also, yay for customisable password reminders. And yay for escaping text which you will display on your website. But if you escape the text one too many times, and the reminder box reads "blah blah &quot; blah blah &quot; blah" I don't think "wow, they escaped the text twice, that's much less likely they forgot to escape it somewhere" I think "wow, they appear to escape the text N times where N~N(1,1)" and find it quite likely that somewhere they forgot to escape it at all.
BTW, I'm sorry for picking on you. Yeah, I don't want to spend time on this either, and if you're making a good effort, or are only a hobby website, I'll cut you a lot of slack. And to be fair, the functionality of your website is really quite good. But a large company should probably hire someone who can get this stuff right.
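The escaping problem described above, as an added example that is not part of the original post: a heuristic check that counts how many times each page has escaped the same reminder text, next to a marker type that keeps escaping at exactly once. The path names, `SafeHtml`, `escape_once` and the sample reminder are hypothetical and constructed for illustration.

```python
import html

class SafeHtml(str):
    """Marker type (hypothetical): text already HTML-escaped exactly once."""

def escape_once(value):
    """Escape at the output boundary; SafeHtml passes through untouched."""
    if isinstance(value, SafeHtml):
        return value
    return SafeHtml(html.escape(value, quote=True))

def escape_layers(rendered, limit=5):
    """Heuristic: count unescape rounds that still change the text."""
    layers = 0
    while layers < limit:
        decoded = html.unescape(rendered)
        if decoded == rendered:
            break
        rendered, layers = decoded, layers + 1
    return layers

# Constructed reminder text containing characters that need escaping.
HINT = 'my "usual" one <b>'

# Three hypothetical code paths that display the same stored reminder.
RENDER_PATHS = {
    "settings page": lambda s: html.escape(html.escape(s)),  # escaped twice
    "legacy popup": lambda s: s,                             # never escaped
    "login form": lambda s: escape_once(escape_once(s)),     # exactly once
}

def audit(paths, sample=HINT):
    """Return {path name: escape layers}; anything other than 1 is a bug."""
    return {name: escape_layers(render(sample)) for name, render in paths.items()}

def displayed(rendered):
    """What a browser shows for this markup as text: one layer decoded."""
    return html.unescape(rendered)

if __name__ == "__main__":
    for name, layers in audit(RENDER_PATHS).items():
        print(f"{name}: {layers} layer(s)", "ok" if layers == 1 else "FLAG")
    print(displayed(RENDER_PATHS["settings page"](HINT)))
```

The layer count only tells you something when the sample contains characters that need escaping; plain letters look identical at every depth.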