I believe you are mistaken. After they lost the backups and everyone yelled at them they implemented password hashing.

It’s just as important, if not more, to allow your visitors to login securely. Even if your password was 27 characters and completely random, a sniffer will log it just as easily as a short, easy password.

@Jared

Bloglines stores their passwords in clear text, also. I’ve had to have them send it to me a couple of times and instead of sending me some random garbage, they send my real password to me. Good security, indeed.

That’s why it’s important to use different passwords. If someone compromises one, they just have access to that one resource.

If is so trivial to implement than why -not- do it?

Allowing a wider character set for the password allows the user to choose a complex passphrase that they are more likely to remember or more familiar with. I’ll bring up the example of the so called “security questions” (used by ING, BoA and half the world). If asked for the “City of your Birth” and you can’t enter in “St. Louis” because the tool won’t allow the “.” (period) than I’ve just created an exception to something I know and can remember. The next time I’m asked that question I’ll screw it up. This is basic usability.

I find it interesting that we continue to argue about this topic. Just the other day I attempted to log into an application and it wouldn’t allow me in. My first theory (and the correct one it turned out) was the back end system was an older Oracle system. My password just happened to have an ‘@’ sign in it. Its 2007 and we can’t even get escaping the password correct.

Becareful of taking a holier than thou attitude, while you can use special characters in reddit, they are stored plain text in their database despite the fact that their backups containing the passwords were stolen from the back of a van a few months ago.

What’s much more shameful, imo, are corporations, etc. that make users change their passwords every month. That’s absolutely terrible.