Information Security Asked by bobif on February 12, 2021
Why does OWASP recommend using case-insensitive logins?
Make sure your usernames/user IDs are case-insensitive. User ‘smith’
and user ‘Smith’ should be the same user.
What’s the security aspect of it?
I can see two main aspects:
Users with mobile keyboards with auto-capitalization enabled will not have to change the first letter to lower case before submitting the form, and that leads to a better user experience.
Makes impersonation harder
If Smith and smith are seen as different users, and you allow users to communicate with each other, someone can create "clones" of the current accounts and mislead other users.
Correct answer by ThoriumBR on February 12, 2021
Many users use Windows, and in Windows most names are not case sensitive. So if you want a nice user experience, you should avoid case-sensitive names.
But Unix systems have used case-sensitive names for 50 years with no problem at all, because their users had to know that smith, Smith and SMITH are 3 different names, either for files or for users.
If the names are given by an administrator, it does not matter whether or not they are case sensitive: no sane administrator would give smith to John Smith and Smith to Bob Evil. But when you have a system in which users can register automatically, it can be important to prevent Bob Evil from creating a Smith account. If you don't, you would fail your professional duty of good practices and help Bob to impersonate John.
Answered by Serge Ballesta on February 12, 2021
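One way to enforce at self-registration the rule both answers describe, as an added example that is not part of either answer or of OWASP's text: uniqueness and lookup use a canonical key, while the name as typed is kept only for display. The function and class names are hypothetical, the in-memory dict stands in for a unique index on the key column, and the Unicode normalization step goes beyond the ASCII case the page discusses.

```python
import unicodedata


def canonical_username(name: str) -> str:
    """Return the key used for uniqueness and lookup (never for display)."""
    # NFKC folds compatibility forms such as fullwidth letters; casefold() is
    # the Unicode-aware form of lower(). Normalize again afterwards because
    # case folding can yield text that is no longer in normalized form.
    folded = unicodedata.normalize("NFKC", name.strip()).casefold()
    return unicodedata.normalize("NFKC", folded)


class UsernameTaken(Exception):
    pass


class UserRegistry:
    """In-memory stand-in for a users table with a unique index on the key."""

    def __init__(self):
        self._by_key = {}  # canonical key -> record

    def register(self, username: str, owner: str) -> dict:
        key = canonical_username(username)
        if not key:
            raise ValueError("empty username")
        if key in self._by_key:
            raise UsernameTaken(f"{username!r} collides with an existing account")
        record = {"display": username.strip(), "owner": owner}
        self._by_key[key] = record
        return record

    def lookup(self, username: str):
        # Login uses the same canonical key, so 'Smith' finds 'smith'.
        return self._by_key.get(canonical_username(username))


def demo():
    """Constructed sample: John registers first, Bob tries look-alike names."""
    reg = UserRegistry()
    reg.register("smith", "John Smith")
    results = {}
    for attempt in ["Smith", "SMITH", " smith ", "ｓｍｉｔｈ", "smyth"]:
        try:
            reg.register(attempt, "Bob Evil")
            results[attempt] = "created"
        except UsernameTaken:
            results[attempt] = "rejected"
    return reg, results
```

In a real database the same guarantee comes from a unique constraint on the stored canonical key, so that two concurrent registrations cannot both pass the check.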