User not logged in - login - register
Home Calendar Books School Tool Photo Gallery Message Boards Users Statistics Advertise Site Info
go to bottom | |
 Message Boards » » Case Sensitivity of UserIDs Page [1]  
b_rimes
All American
2072 Posts
user info
edit post

Having a theorhetical question at work regarding the case sensitivity of userIDs. While we've seen a percieved standard of making these non-case sensitive are there any written standards for internet usage regarding userIDs and passwords? Perhaps a best-practice for this type of information?

2/24/2007 11:02:18 AM

plusdelta
All American
1034 Posts
user info
edit post

there aren't really any standards for this sort of thing, but a lack of case-sensitivity is usually more of a matter of convenience for an end user.

generally, case-sensitivity means more possible permutations, which can mean greater security. brute-force attempts can still crack any password, eventually, but case-sensitivity increases the number of possible combinations greatly.

2/24/2007 12:52:44 PM

b_rimes
All American
2072 Posts
user info
edit post

I understand - those are all my arguments against moving one of our applications at work in case insensitive. It's all coming down to security vs. convenience, which is why I was looking for some type of standard to back up my desire of case sensitivity.

2/24/2007 2:26:37 PM

Aficionado
Suspended
22518 Posts
user info
edit post

make it case-sensitive and tell everyone to get the sand out of their vagina



[Edited on February 24, 2007 at 2:36 PM. Reason : it != is

2/24/2007 2:30:37 PM

Charybdisjim
All American
5486 Posts
user info
edit post

I'd say the big questions for this kind of thing are:

1) Do the users get to chose their own ID's?
2) Will the ID's be used for contact purposes?
3) If 1 is yes, would there be checks to keep someone from creating JohnDoe and Johndoe."

If the users get to create their own ID's you could have issues with people creating similar ID's for fraudulent purposes. You could solve this with a program that treats ID's as case sensitive for login purposes but not for determining uniqueness. If the user's aren't allowed to chose their own ID's then you run into the issue that what would be capitilized would be obvious and pre-determined in most cases. If the ID's are created from first+last name (like unity ID) this really wouldn't add any additional security since people could easily figure out ID's.

If the ID's are used for contact purposes (like a screen name or email adress) it would be fine to make the login case sensitive, but whatever program you use to rout communications, identify accounts, and check for uniqueness of names should treat both cases the same. You don't want something like email adresses to be case sensitive if you can help it, because people will fuck up a lot.

Passwords should always be case sensitive. There's no real downside to using case sensitive passwords especially if they get to chose their own. It's more important to require passwords be at least a certain length, contain letters and numbers (and symbols if you want to be really paranoid), and not have any common names or birthdates.

Why is anyone arguing for things not being case-sensitive?

2/24/2007 2:40:19 PM

 Message Boards » Tech Talk » Case Sensitivity of UserIDs Page [1]  
go to top | |
Admin Options : move topic | lock topic

© 2024 by The Wolf Web - All Rights Reserved.
The material located at this site is not endorsed, sponsored or provided by or on behalf of North Carolina State University.
Powered by CrazyWeb v2.39 - our disclaimer.