Re: RFC: changes to default password strength checks in pam_unix

To: debian-devel@lists.debian.org
Subject: Re: RFC: changes to default password strength checks in pam_unix
From: Miles Bader <miles.bader@necel.com>
Date: Tue, 04 Sep 2007 10:17:54 +0900
Message-id: <[🔎] buohcmbrzy5.fsf@dhapc248.dev.necel.com>
Reply-to: Miles Bader <miles@gnu.org>
In-reply-to: <[🔎] 20070903215951.GA12192@caradoc.them.org> (Daniel Jacobowitz's message of "Mon\, 3 Sep 2007 17\:59\:51 -0400")
References: <[🔎] 20070902194736.GA10366@dario.dodds.net> <[🔎] 1188767092.12456.11.camel@dorfl.lan> <[🔎] 20070902213925.GD10366@dario.dodds.net> <[🔎] 20070903022931.GA5649@caradoc.them.org> <[🔎] 20070903050138.GR9479@kheops.homeunix.org> <[🔎] 20070903215951.GA12192@caradoc.them.org>

Daniel Jacobowitz <dan@debian.org> writes:
> If you enforce longer passwords than people are comfortable with, you
> get weaker passwords (or poor password management practices).  It's
> the humans that matter, not the machines.

Exactly.

If the system is excessively anal about what passwords it will let you
use, people will just start writing them down...

[One system I like is the password strength meter that you get when
signing up for a gmail account, updated with every keystroke when
entering a password.  I don't recall whether it actually enforced
anything, but I think when the user can see what's happening and very
easily make incremental modifications, the results would tend to be
better.]

-miles

-- 
(\(\
(^.^)
(")")
*This is the cute bunny virus, please copy this into your sig so it can spread.

Reply to:

Follow-Ups:
- Re: RFC: changes to default password strength checks in pam_unix
  - From: Lars Wirzenius <liw@iki.fi>

References:
- RFC: changes to default password strength checks in pam_unix
  - From: Steve Langasek <vorlon@debian.org>
- Re: RFC: changes to default password strength checks in pam_unix
  - From: Lars Wirzenius <liw@iki.fi>
- Re: RFC: changes to default password strength checks in pam_unix
  - From: Steve Langasek <vorlon@debian.org>
- Re: RFC: changes to default password strength checks in pam_unix
  - From: Daniel Jacobowitz <dan@debian.org>
- Re: RFC: changes to default password strength checks in pam_unix
  - From: Christian Perrier <bubulle@debian.org>
- Re: RFC: changes to default password strength checks in pam_unix
  - From: Daniel Jacobowitz <dan@debian.org>

Prev by Date: Bug#440744: ITP: docbook-xsl-saxon -- Java extensions for use with DocBook XML stylesheets (Saxon)
Next by Date: Re: RFC: changes to default password strength checks in pam_unix
Previous by thread: Re: RFC: changes to default password strength checks in pam_unix
Next by thread: Re: RFC: changes to default password strength checks in pam_unix
Index(es):
- Date
- Thread