On 22 Feb, 12:45, Paul Rubin <http://phr...@NOSPAM.invalid> wrote:
> "Saul" <saul.dob...@dobney.com> writes:
> > I'm looking to build some new security features for a website which
> > will need stronger levels of password access, but I'm conscious from
> > experience that users aren't very good with passwords and keep losing
> > them or forgetting them so I don't want just bigger and better
> > passwords. What I was wondering was whether image files would be better:
>
> They can lose the image files too, so you may as well use passwords.
> If you want something better than passwords, use hardware tokens.
> Paypal is selling those for $5 now, so they must have found a cheap
> source of them.

The problem with good secure passwords is they are eminently
forgettable as our current users keep demonstrating - so they either
pick weak or simple passwords or keep chasing us for password help, so
I want something easier without losing password strength for an
application where we really do want better levels of security.

Oh and as we're just a smigeon smaller than eBay/Paypal hardware
solutions aren't really available to us.


Saul