Computer: Security: Password
Password Retype option   (+22, -1)  [vote for, against]

When the computer says "Invalid Password, Please Try Again", I'm never sure whether I've just mistyped it or whether I've entered the wrong word altogether.

This puts me in a dilemma, because I'd like to try the same word again in case I made a typo, but what if I was wrong about *what* the password is - then that'll be 2 out of my 3 allowed attempts that I've just wasted typing the same wrong password.

A simple modification I'd like to see is that whenever the same wrong password is entered more than once during login, it does not count again toward one's # of failed login attempts.
-- phundug, Jun 18 2007

SHA http://en.wikipedia.org/wiki/SHA-1
Explanation of SHA hash algorithms - sorry it's the Wikipedia explanation and thus badly written. [hippo, Jun 19 2007]

Good, boring, idea. an eyebrow lift to you
-- evilpenguin, Jun 18 2007


What [evilpenguin521] said.
-- Cosh i Pi, Jun 19 2007


//What [evilpenguin521] said.//

Good, boring, anno. With which I concur. [+]
-- theleopard, Jun 19 2007


Yup. +
-- hippo, Jun 19 2007


Good idea.
-- Galbinus_Caeli, Jun 19 2007


Neat.
(wrong adjective, try again. You have two attempts left)
Neat.
(wrong adjective, try again. You have one attempt left.)
Peachy.
(Adjective attempt failed. Your modifying privileges are revoked for 24 hours.)
-- shapu, Jun 19 2007


I'm torn. The uber-geek in me wants to say "hey, you know learn your friggin' password and this won't be a problem." The patient, hand-holding help desk guy in me says "an extra couple of attempts at getting the password right before a full abort might be nice for a lot of people." I'm feeling fairly chipper today so I'm going with that side of my personality. [+]
-- Noexit, Jun 19 2007


I always wanted a feature that said " That's not your password. By the way, did you know your capslock is on? "
-- normzone, Jun 19 2007


I'd rather see what I typed in while I was typing it in, since ******* doesn't give me any information other than the number of characters. Failing that, I'd like failed passwords to be displayed as typed so I can see exactly what I entered.
-- nuclear hobo, Jun 19 2007


Actually, instead of displaying "******", why can't password interfaces display a hash of your password - so, you type in "treacle51", and the interface displays "%9Pi~cgR3". If you see this come up every time you'll know when you've got your password right. As with all good hash functions, this will have the features that (1) a slight change to the input produces a radically (and unpredictably) different output, and (2) there's no (easy) way of working out the input from the output.
-- hippo, Jun 19 2007


Nice, [hippo].
-- nuclear hobo, Jun 19 2007


[hippo], that is a relatively simple cryptologic system to break... and as such wouldn't be very secure. no matter how many intermediate alphabets you cycle your plaintext through, if it always comes up with the same ciphertext, it's just a simple substitution cipher - i.e., a=q, b=$, c=^, d=? .

even if you go through thirty alphabets to get to those texts, (i.e., a= ~ = # = > = q) a will always = q, and the intermediate alphabets can be thrown out.

if each character of plaintext can have multiple characters of ciphertext (i.e., a = Rt$%^) then it would be MORE secure, but still just a substitution... so still somewhat simple to crack, compared to the "*******" .
-- CaptainClapper, Jun 19 2007


Unless, of course, your password is in fact *******
-- shapu, Jun 19 2007


/I always wanted a feature that said " That's not your password. By the way, did you know your capslock is on? "/

Modern operating systems have what is effectively this.
-- Texticle, Jun 19 2007


That would exclude XP?
-- normzone, Jun 19 2007


XP tells you your capslock is on... at least, Pro does it.

... I think.
-- CaptainClapper, Jun 19 2007


[Cap'n] XP Pro certainly does, yes. I've got that at work (not here at home though).
-- Cosh i Pi, Jun 19 2007


don't you write your passwords down? Duh!
-- po, Jun 19 2007


[CaptainClapper] No, a hash of a number or a password is not a substitution cipher, and *would* be hard to break. Look at the link I've added on "SHA" hash algorithms.
-- hippo, Jun 19 2007


you know this is so boring compared to see - suspenders...
-- po, Jun 19 2007


[hippo], indeed -- I didn't see the link :)

<somewhat off topic> have you seen the Kryptos statue @ CIA? I'm very interested in that 4th section... </sot>
-- CaptainClapper, Jun 19 2007



random, halfbakery