I am afraid you are missing a matter of statistical import. In fact, your proposal to enforce unique passwords INCREASES the likelihood of anyone guessing a user name AND password. (This is kind of fun.)
1. If the odds are that you will get one correct guess in ten tries if there are 50,000 users, then once you have a correct user ID, what are the odds that you will guess the password? There is only one password you are guessing amongst, but there were 50,000 users. So you try the obvious ones, GOD, SEX, the Username, and all. But most people don't use the obvious ones, just a few people. Maybe the password is PIGFACE. You'll NEVER get it.
2. The odds of guessing the right password increase when you enforce password uniqueness because now you can use your own account to find legitimate passwords.
>I understand the ease of guessing out passwords. User names are guessed in a flash. So with what you say, the conclusion must be that two fields are not so secure anyway. Maybe a control on the uniqueness of the Password field in either case should be mandatory.
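Point 2 of the post above, as an added example that is not part of the original message: a toy in-memory store that enforces password uniqueness answers "is this password in use?" to any account holder, while a store with per-user salts has nothing to compare across users. All class names, function names, user names and passwords here are hypothetical and constructed for illustration.

```python
import hashlib, hmac, os

# Constructed sample data: three existing accounts with distinct passwords.
CONSTRUCTED_USERS = {"alice": "PIGFACE", "bob": "GOD", "carol": "x9!Lq-72"}
CANDIDATES = ["GOD", "SEX", "PIGFACE", "HORSE"]

class UniquePasswordStore:
    """The proposed design: refuse a password that another user already has."""
    def __init__(self):
        self.users = {}  # username -> unsalted digest (a global lookup needs one)

    def set_password(self, user, password):
        digest = hashlib.sha256(password.encode()).hexdigest()
        if any(u != user and d == digest for u, d in self.users.items()):
            return False  # the rejection itself says "someone else uses this"
        self.users[user] = digest
        return True

class SaltedStore:
    """Hardened design: per-user random salt, no cross-user comparison at all."""
    ITERATIONS = 100_000

    def __init__(self):
        self.users = {}  # username -> (salt, derived key)

    def _derive(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, self.ITERATIONS)

    def set_password(self, user, password):
        salt = os.urandom(16)
        self.users[user] = (salt, self._derive(password, salt))
        return True

    def verify(self, user, password):
        salt, key = self.users[user]
        return hmac.compare_digest(key, self._derive(password, salt))

def build(store_cls):
    """Create a store pre-loaded with the constructed accounts."""
    store = store_cls()
    for user, password in CONSTRUCTED_USERS.items():
        store.set_password(user, password)
    return store

def leaked_passwords(store, own_account, candidates):
    """Candidates that a rejected change reveals as another user's password."""
    return [p for p in candidates if not store.set_password(own_account, p)]

if __name__ == "__main__":
    print("unique :", leaked_passwords(build(UniquePasswordStore), "tester", CANDIDATES))
    print("salted :", leaked_passwords(build(SaltedStore), "tester", CANDIDATES))
```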