密码有效期为3个月的任何示例 [英] Any example for 3 months validity of password

问题描述

3个月的任何示例c ++中密码的有效性。能够检查密码的强度



我尝试过：



密码管理系统新手。不知道如何验证。

Any example for 3 Months Validity of password in c++. Am able to check strength of the password

What I have tried:

New to password management system. Dont know how to validate.

推荐答案

您需要做的是在数据库中存储失效日期以及密码。当用户签名或更改密码时，您将其设置为当前日期加上有效期 - 在这种情况下为3个月。

当用户登录时，您检查到期日期，并且行为恰当。



但是......打扰添加此功能可能是一个非常糟糕的主意，因为它不会显着提高安全性，并且实际上可以降低实际安全性提高安全感：密码过期时间| SANS安全意识 [ ^ ]



更重要的是如何存储密码而不是它持续的时间！

What you need to do is store an "expiry date" in your DB along with the password. When the user signs or changes his password up you set it to the current date plus the validity period - 3 months in this case.
When the user logs in, you check the expiry date, and behave appropriately.

But ... it may be a very poor idea to bother adding this feature as it provides no significant increase in security, and can actually lower real security while falsely raising the impression of security: Time for Password Expiration to Die | SANS Security Awareness[^]

Much more important is how you store a password than how long it lasts!

存储密码有点艺术，你应该使用一些盐和胡椒，只存储一些SHA-2或更好的哈希。



所以它会最好只在某个数据库中存储带有用户名的到期日。

Storing a password is a bit of an art, you should use some "salt" and "pepper" and only store some SHA-2 or better hash.

So it would better to store only an expiration day with the user name in some database.

这篇关于密码有效期为3个月的任何示例的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！