| 1 |
Benjamin Smee (strerror) wrote: |
| 2 |
> lo, |
| 3 |
> |
| 4 |
> On Tuesday 17 January 2006 14:32, PaweB Madej wrote: |
| 5 |
> |
| 6 |
>>>At this moment I use standard autentication. |
| 7 |
> |
| 8 |
> |
| 9 |
> No such thing. You mean you are using the authentication that Gentoo uses with |
| 10 |
> a default style installation. |
| 11 |
> |
| 12 |
> |
| 13 |
>>>I already don't have any |
| 14 |
>>>plan of changing passwords, |
| 15 |
> |
| 16 |
> |
| 17 |
> Then why are you worried about strong passwords? |
| 18 |
|
| 19 |
I feel compelled to point out that 8-character passwords, |
| 20 |
no matter their composition, aren't really that strong |
| 21 |
anymore. Also, forcing users to use special characters |
| 22 |
and change passwords frequently only guarantees that they |
| 23 |
will write them down, often not in secure places. |
| 24 |
|
| 25 |
You might consider having users use longer passwords |
| 26 |
(a passphrase). They're easier for a user to remember, |
| 27 |
so they're less likely to write them down. They're also |
| 28 |
far more resistant to brute force attacks and guessing. |
| 29 |
Also consider that if you require two capital letters, |
| 30 |
2 numbers, and 2 special characters, you've just reduced |
| 31 |
the number of possible 8-character passwords quite |
| 32 |
significantly. |
| 33 |
|
| 34 |
It's usually very easy for a user to remember something |
| 35 |
like 'My child flies kites.' but if you make them use |
| 36 |
things like '^3!kX$1a' and force changes every couple |
| 37 |
of months, they *will* write it on a post-it note and |
| 38 |
stick it in their desk drawer or on their display. |
| 39 |
|
| 40 |
-Mark |
| 41 |
-- |
| 42 |
gentoo-server@g.o mailing list |
Archives