savannah-hackers-public

Re: [Savannah-hackers-public] [savannah-help-public] [sr #108600] Regist


From: Eric Noulard
Subject: Re: [Savannah-hackers-public] [savannah-help-public] [sr #108600] Registration b0rked
Date: Fri, 27 Jun 2014 13:59:35 +0200




2014-06-26 23:35 GMT+02:00 Karl Berry <address@hidden>:
    - it's meant to support easy-to-remember https://xkcd.com/936/

In practice there are plenty of complaints about it and always have
been.  I don't find the cartoon especially convincing :).

    - last time we got a compromise (2010), the user had the encrypted
      passwords (through SQL injection), but he didn't get root.

I'd forgotten that.  It's a valid point.

+1
 
I think that the requirements on passwd are good.
Maybe we could just explain how to craft a password fulfilling the requirements
which does not imply a headache.


My usual favorite being to use the initial letter for each word of a phrase
(possibly long) and replace 'to' with '2' or drop a '+' or '-' as separator and drop in
some number of space for punctuation.

This usually fulfills most of the "strong" passwd requirements and does not
require a lot for remembering it.

Moreover, if the passwd recovery process is efficient, forgetting a passwd
is not that bad. I'm speaking of passwd for the average project user, not
for sys admin of course.

My 2 c.:

Keep string requirement.
Give more advice about two 'create' strong passwd.

--
Erk
L'élection n'est pas la démocratie -- http://www.le-message.org
