A modest suggestion about test accounts

January 25, 2008

Here is a modest suggestion that has recently occurred to me:

Don't give your test accounts the same password as your regular account.

It's not that I'm all that worried about security issues; it's that I want to avoid accidentally logging in as one account when I'm trying for the other. With separate passwords, I have to make an absent-minded mistake with both the username and the password, instead of just the username, and I figure this improves my odds.

I have to admit that I've never actually made this mistake, but I have had times when I looked at the username just to make sure. I suspect that slower typists have fewer problems here because they think more about what they're typing; I wind up typing a lot of things more by reflex than by conscious thought, often including my usernames and passwords.

And for all that I'm rather casual about them, there are real security issues, especially if you have to test systems whose password handling you don't entirely trust. And there's an awful lot of things these days that will 'helpfully' remember access passwords for you so they can do things automatically the next time around.

Written on 25 January 2008.
« Running a 32-bit Firefox on a 64-bit Fedora or Red Hat Enterprise
The funding capture problem »

Page tools: View Source, Add Comment.
Search:
Login: Password:
Atom Syndication: Recent Comments.

Last modified: Fri Jan 25 23:55:09 2008
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.