[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Savannah-users] password must be more complicated
From: |
Jan Owoc |
Subject: |
Re: [Savannah-users] password must be more complicated |
Date: |
Wed, 8 May 2013 21:48:20 -0600 |
On Wed, May 8, 2013 at 1:34 AM, Bob Proulx <address@hidden> wrote:
>> It is one of the problems, for sure. Users put together 3 different
>> classes in their 8 chars (already a big pain), it fails, and since the
>> feedback as to why it fails is not specific, they just iterate randomly
>> and find one that works. Very frustrating. I've been frustrated by it
>> myself.
>
> Yes. Let's fix this then.
>
>> Is there a way to get pwqcheck to report more specifically why a pw is
>> bad?
>
> It is actually telling us what it thinks is wrong. But as far as I
> can tell that is just incorrect. So we toss it out thinking that it
> isn't really telling us the right thing. Because it isn't.
I've seen a handful of websites offering a JavaScript-based password
quality checker. The website states something like "you must have a
quality of 40 for me to accept the password", and then the user types
characters, numbers, symbols, etc., until the quality meter hits at
least 40 (of 100). I sometimes dislike that a clever password I've
invented only gets 38, but I get instant feedback, rather than waiting
for the page to reload.
I found one that is GPLv3 [1], so we might be able to adapt it to our
needs. The important thing though, is that if the JavaScript strength
meter says a password is "good", the same algorithm on the server
should accept the password.
[1] http://www.passwordmeter.com/
Jan
- Re: [Savannah-users] password must be more complicated, (continued)
- Re: [Savannah-users] password must be more complicated, Jan Owoc, 2013/05/07
- Re: [Savannah-users] password must be more complicated, Karl Berry, 2013/05/07
- Re: [Savannah-users] password must be more complicated,
Jan Owoc <=
- Re: [Savannah-users] password must be more complicated, Bob Proulx, 2013/05/13
- Re: [Savannah-users] password must be more complicated, Jan Owoc, 2013/05/13
- Re: [Savannah-users] password must be more complicated, Bob Proulx, 2013/05/15
- Re: [Savannah-users] password must be more complicated, Ineiev, 2013/05/17
- Re: [Savannah-users] password must be more complicated, Ineiev, 2013/05/14
Re: [Savannah-users] password must be more complicated, Bruce Korb, 2013/05/09