Re: RFC: changes to default password strength checks in pam_unix

Daniel Jacobowitz <dan@debian.org> writes:
> If you enforce longer passwords than people are comfortable with, you
> get weaker passwords (or poor password management practices).  It's
> the humans that matter, not the machines.


If the system is excessively anal about what passwords it will let you
use, people will just start writing them down...

[One system I like is the password strength meter that you get when
signing up for a Gmail account, updated with every keystroke when
entering a password.  I don't recall whether it actually enforced
anything, but I think when the user can see what's happening and very
easily make incremental modifications, the results would tend to be


