Re: [Savannah-hackers-public] [savannah-help-public] [sr #108600] Regist

From: Eric Noulard
Subject: Re: [Savannah-hackers-public] [savannah-help-public] [sr #108600] Registration b0rked
Date: Fri, 27 Jun 2014 13:59:35 +0200

2014-06-26 23:35 GMT+02:00 Karl Berry <address@hidden>:
    - it's meant to support easy-to-remember

In practice there are plenty of complaints about it and always have
been.  I don't find the cartoon especially convincing :).

    - last time we got a compromise (2010), the user had the encrypted
      passwords (through SQL injection), but he didn't get root.

I'd forgotten that.  It's a valid point.

I think that the requirements on passwd are good.
Maybe we could just explain how to craft a password fulfilling the requirements
which does not imply a headache.

My usual favorite being to use the initial letter for each word of a phrase
(possibly long) and replace 'to' with '2' or drop a '+' or '-' as separator and drop in
some number of space for punctuation.

This usually fulfills most of "strong" passwd requirements and does not
require a lot for remembering it.

Moreover, if the passwd recovery process is efficient, forgetting a passwd
is not that bad. I'm speaking of passwd for the average project user, not
for sys admin of course.

My 2 c.:

Keep string requirement.
Give more advice about how to 'create' strong passwd.

Election is not democracy --
