As a follow-up to my last post, here are a few tips to help keep you from driving your site users away with misguided password restrictions.
#1: Consider Context
Your tweets may be precious to you, but as a web developer, you should understand the differences between password security for Twitter and for online banking. Consider the monetary and legal damages to both you and your customers if their accounts were compromised, and plan accordingly.
Most programmers take a pragmatic approach to security and scale their efforts based on an estimate of the sensitivity of the data they are storing.
I frequently use my wife’s MacBook because it always seems to be handy when my own laptop is in the other room. I gave myself a user account on the machine, but she started complaining that I’d often forget to switch back to her user account when I was done.