我们可以采取什么措施来防止多个用户被分配相同的密码?
我有一个处理员工工作表的网络应用程序。
他们有管理员分配给他们的用户名/密码组合。
密码分别进行加盐和散列处理。
问题是,管理员都为他们分配了相同的密码。这显然是一个安全问题。
我不想出现错误您尝试使用的密码已在使用中,因为...
- 它表明其他人拥有该密码。治安不好。
- 我无法轻松比较密码。由于它们在数据库中的存储方式,我需要单独对它们进行加盐和哈希处理。
我有什么选择来尝试限制这种行为吗?
I have a web application that handles employees work sheets.
They have username/password combinations assigned to them from an admin.
The passwords are salted and hashed individually.
The problem is, they are all being assigned the same password by the admin. This is obviously a security problem.
I don't want to error with the password you are trying to use is already in use because...
- It reveals someone else has that password. Bad security.
- I can't easily compare passwords. I need to salt and hash them individually because of the way they are stored in the database.
Do I have any options to try and limit this behaviour?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
该软件应强制用户在首次登录后更改密码。让软件检查以确保用户确实输入了新密码,而不是重复旧密码。
The software should force users to change their passwords after logging in for the first time. Have the software check to make sure the user actually enters a new password, rather than repeating the old one.
这不是一个技术问题;而是一个问题。这是一个组织/管理问题...
管理员只需停止向每个人分配相同的密码即可。
This isn't a technical problem; it's an organisational/management issue...
The admin simply needs to stop assigning the same password to everyone.
为什么每个人都被分配相同的密码?为他们提供一个随机字符串的临时密码,或者允许他们在注册时选择自己选择的密码。
Why is everybody being assigned the same password? Give them a temporary password of a random string or allow them to pick a password of their choosing when registering.