« First « Previous Comments 80 - 85 of 85 Search these comments
My point is the more complex they make passwords, then the lazier the user will be to have that impossible password handy, and the easier it will be for the baddies to retrieve it for the users actions of storing it on a sticky note, or pasting the password from a file on their computer.
<script>code</script>or
<a onclick="...code..."></a>you can easily and robustly thwart most xss vectors and sinks. CSP can potentially be very powerful against xss if you dont mind writing your code in certain ways, such as putting all js in .js files. CSP can support allowing you to use inline script tags safely if you tag each with a random-per-page-load nonce, or tagged with a checksum of the code contents.
It's true, you can make a very strong password with just lowercase. But that's not the point - the policy is used because SOME users will create weak passwords if the system lets them type it in
CSP can potentially be very powerful against xss if you dont mind writing your code in certain ways, such as putting all js in .js files.
« First « Previous Comments 80 - 85 of 85 Search these comments
And if anyone's interested I use Keepass, none of that cloud shit.