Friday, 11 July 2008

Password Validation Schemes - Why fail if caps lock on? Stupid!

Don't know about anyone else, but I'm sick of password failures (and possible locking out of accounts) when the caps lock is on. It would seem to me that with only a minor change to the entry mechanism, a password could be "normalised" to work whether or not the caps lock was on, with only trivial impact on the password's security.

I think the case of all letters in a password could be adjusted so that the first letter found in a password would be lower case or converted to lower case. If the first letter was converted (from upper) then the case of all other letters in the password is adjusted to the opposite state (lower to upper and upper to lower).

For example:

Before   Adjusted
======   ========
1ABC     1abc
1abc     1abc
2Abc     2aBC
2aBC     2aBC

Because this scheme still supports use of both cases (it looks at transitions in case rather than absolute case), there is minimal impact on the complexity of a key...
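A sketch of the normalisation described above, as an added example (not code from the original post). It assumes ASCII letters only and that the normalised form is what gets hashed at both enrolment and login; the function names and the PBKDF2 parameters are illustrative assumptions.

```python
import hashlib
import hmac
import os
import string

ITERATIONS = 200_000  # illustrative PBKDF2 work factor (assumption, not from the post)


def swap_ascii_case(text: str) -> str:
    """Invert the case of ASCII letters only, which is what Caps Lock does to them."""
    return "".join(
        c.lower() if c in string.ascii_uppercase
        else c.upper() if c in string.ascii_lowercase
        else c
        for c in text
    )


def normalise(password: str) -> str:
    """The post's rule: if the first letter is upper case, invert every letter."""
    first = next((c for c in password if c in string.ascii_letters), None)
    if first is not None and first in string.ascii_uppercase:
        return swap_ascii_case(password)
    return password


def _digest(password: str, salt: bytes) -> bytes:
    # Hash the normalised form so enrolment and login agree on one spelling.
    return hashlib.pbkdf2_hmac("sha256", normalise(password).encode(), salt, ITERATIONS)


def enrol(password: str) -> tuple[bytes, bytes]:
    salt = os.urandom(16)
    return salt, _digest(password, salt)


def verify(password: str, salt: bytes, stored: bytes) -> bool:
    return hmac.compare_digest(_digest(password, salt), stored)


if __name__ == "__main__":
    salt, stored = enrol("2aBC")          # constructed sample password
    print(verify("2Abc", salt, stored))   # typed with Caps Lock on
    print(verify("2abc", salt, stored))   # genuinely wrong case pattern
```

Every password containing a letter has exactly two raw spellings that normalise to the same string (itself and its Caps Lock twin), so the scheme costs one bit of search space and no more.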

Anyway, that's my 2.1 cents worth for today.
