[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian Server restored after Compromise

On Thu, Jul 13, 2006 at 08:18:27PM +0200, Bas Zoetekouw wrote:

> > An investigation of developer passwords revealed a number of weak
> > passwords whose accounts have been locked in response.
> That's not good.  
> Should we maybe implement a stricter password policy?  Or maybe only
> allow pubkey ssh authentication?

  Definitely a good idea.

  We already trust users to maintain their GPG key securely, so
 adding the requirement they do the same with an SSH keypair isn't
 anything more difficult.


Attachment: signature.asc
Description: Digital signature

Reply to: