@intertravel said:
[quote user="Renan "C#" Sousa"]How, you ask? Well, it seems like some PHB somewhere is frustrated by having to change his credentials every now and then in some system, especially since he keeps forgetting what his new credentials are. But he knows his passwords are all similar. So he thought that if the system would accept as valid not only his password but also other close matches, he could guess his way into the system in fewer tries.
OK, obviously that's a complete WTF, but it actually suggests an interesting authentication method.
Imagine if instead of one password you had to type exactly, you had three or four layers that you only had to get approximately right. As long as you don't tell people which word(s) it failed on, I don't see that it's less secure. [quote user="Renan "C#" Sousa"]I feel sorry for whoever is responsible for securing data in that company.[/quote]
This is a situation where the only real remedy is to educate the user in the importance of password security. Generally this kind of shit happens because the users genuinely don't see what's wrong with a lack of security. Explain to them how important it is, and they'll take the effort to remember their passwords. Of course, this all assumes they're simple enough to remember, so you don't get post-it passwords on every monitor.
[/quote]
You realize that this requires access to the unencrypted text of the password, which is for all practical purposes "really "*80 bad? So even if what you say makes sense, it means that they have unencrypted passwords or reversible encryption, which means that if they get hacked all is fuuuuuudged. So, no, no practical uses. Sorry dude.
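To illustrate the point made above about why "close enough" matching needs the plaintext, here is an added example (not code from the thread): with a properly salted one-way hash, a one-character near miss produces an unrelated digest, so the server can only answer yes/no; a Levenshtein-style fuzzy check is only possible if the cleartext (or something reversible to it) is kept around. The salt and passwords are constructed values.

```python
import hashlib
import hmac

# Constructed salt; a real system would generate a random one per user.
SALT = b"constructed-demo-salt"
ITERATIONS = 100_000


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (classic dynamic-programming version)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def hash_password(password: str, salt: bytes = SALT) -> bytes:
    """One-way, salted, slow hash of the password (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def exact_check(stored_hash: bytes, attempt: str, salt: bytes = SALT) -> bool:
    """The only check a hash allows: all-or-nothing, in constant time."""
    return hmac.compare_digest(stored_hash, hash_password(attempt, salt))


def fuzzy_check_plaintext(stored_plaintext: str, attempt: str, max_distance: int = 2) -> bool:
    """The 'close match' idea from the thread. Note it needs the plaintext as input,
    which is exactly why it is a bad idea: the server must store it recoverably."""
    return levenshtein(stored_plaintext, attempt) <= max_distance


def hash_hamming_distance(h1: bytes, h2: bytes) -> int:
    """Number of differing bits between two digests; for a good hash this is
    roughly half the bits even when the inputs differ by one character, so the
    digests carry no usable notion of 'closeness'."""
    return sum(bin(x ^ y).count("1") for x, y in zip(h1, h2))


if __name__ == "__main__":
    stored = hash_password("correct horse")
    print("exact, right password:", exact_check(stored, "correct horse"))
    print("exact, one char off:  ", exact_check(stored, "correct horsE"))
    print("fuzzy (needs plaintext):", fuzzy_check_plaintext("correct horse", "correct horsE"))
    print("bits differing between the two digests (of 256):",
          hash_hamming_distance(stored, hash_password("correct horsE")))
```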