The Laboratorium : What Kind of Stupid Security Is This?

Your login ID must contain at least one numeric or special character. Please enter a valid login ID.

Let the record reflect that my password consists of randomly chosen numbers and letters (of mixed case) and is over twice as long as their minimum. I fail to see how adding a number to my login ID—which standard security practice treats as public knowledge—improves matters.

July 18, 2007 at 12:40 PM

Matthew Skala

I wonder if it’s really designed to prevent a run on desirable IDs. There can be only one user ID of “james” and it may seem unfair for only one of the many people with that name to have that ID. Forcing all IDs to include a number or special character basically means that nobody (except maybe Jennifer 8. Lee) can have the special privilege of using their name as their ID, which couldn’t possibly be extended to everyone who wanted it.