[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Savannah-users] password must be more complicated
From: |
Jan Owoc |
Subject: |
Re: [Savannah-users] password must be more complicated |
Date: |
Tue, 7 May 2013 08:15:18 -0600 |
Hi Bob,
On Tue, May 7, 2013 at 1:48 AM, Bob Proulx <address@hidden> wrote:
> Setting match=0 seems to help with the "dictionary" issue.
>
> $ echo ohtaOe0h | pwqcheck -1 match=0 max=256 min=disabled,24,11,8,7
> OK
>
> $ echo uChiel9m | pwqcheck -1 match=0 max=256 min=disabled,24,11,8,7
> OK
>
[...]
>
> Does anyone see why the results are so crazy using pwqcheck? Is this
> problem causing users grief? Or a different problem?
I can confirm that the previous settings in Savannah (haven't checked
now) would not allow a few completely random passwords because they
were apparently based on dictionary words. It was immensely
frustrating (as a user) to be first told that none of my common
passwords pass, then turn to a password generator and be told that a
password looking like "ohtaOe0huChiel9m" is based on a dictionary
word. I think it took me 3 tries to generate something that would be
acceptable (longer passwords are more likely to have a 4-character
sub-string that is apparently based on a dictionary word).
Jan