Benjamin Smee (strerror) wrote:
> lo,
>
> On Tuesday 17 January 2006 14:32, Paweł Madej wrote:
>
>>>At this moment I use standard authentication.
>
>
> No such thing. You mean you are using the authentication that Gentoo uses with
> a default style installation.
>
>
>>>I already don't have any
>>>plan of changing passwords,
>
>
> Then why are you worried about strong passwords?
|
I feel compelled to point out that 8-character passwords,
no matter their composition, aren't really that strong
anymore. Also, forcing users to use special characters
and change passwords frequently only guarantees that they
will write them down, often not in secure places.
|
You might consider having users use longer passwords
(a passphrase). They're easier for a user to remember,
so they're less likely to write them down. They're also
far more resistant to brute force attacks and guessing.
Also consider that if you require two capital letters,
2 numbers, and 2 special characters, you've just reduced
the number of possible 8-character passwords quite
significantly.
|
It's usually very easy for a user to remember something
like 'My child flies kites.' but if you make them use
things like '^3!kX$1a' and force changes every couple
of months, they *will* write it on a post-it note and
stick it in their desk drawer or on their display.
|
-Mark
--
gentoo-server@g.o mailing list
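
As an added example (not part of the original message), this Python snippet counts how many 8-character passwords remain under the composition rule mentioned above and compares that with a passphrase of randomly chosen words. Assumptions: the 95 printable ASCII characters split into four classes, each "two" read as "at least two", and a 7776-word list for the passphrase; all function names are illustrative.

```python
from math import comb, log2

# Printable ASCII split into classes (95 symbols; space counted as "special").
CLASSES = {"lower": 26, "upper": 26, "digit": 10, "special": 33}


def count_passwords(length, minimums=None):
    """Count strings of `length` with at least minimums[c] characters from class c."""
    minimums = minimums or {}
    # ways[r] = number of ways to fill the positions assigned so far,
    # leaving r positions still unassigned.
    ways = {length: 1}
    for name, size in CLASSES.items():
        need = minimums.get(name, 0)
        nxt = {}
        for remaining, w in ways.items():
            # Choose which k of the remaining positions hold this class.
            for k in range(need, remaining + 1):
                nxt[remaining - k] = nxt.get(remaining - k, 0) + w * comb(remaining, k) * size**k
        ways = nxt
    # Only assignments that used every position are valid passwords.
    return ways.get(0, 0)


def bits(keyspace):
    """Size of a keyspace expressed in bits."""
    return log2(keyspace)


def random_words_bits(words, list_size=7776):
    """Bits for `words` words drawn uniformly at random (list size is an assumption)."""
    return words * log2(list_size)


# Rule from the message: 8 characters, 2 capitals, 2 numbers, 2 specials.
POLICY = {"upper": 2, "digit": 2, "special": 2}

if __name__ == "__main__":
    free = count_passwords(8)
    constrained = count_passwords(8, POLICY)
    print(f"any 8 printable chars : {free:.3e} ({bits(free):.1f} bits)")
    print(f"8 chars under policy  : {constrained:.3e} ({bits(constrained):.1f} bits)")
    print(f"share of keyspace kept: {constrained / free:.1%}")
    for n in (4, 5, 6):
        print(f"{n} random words        : {random_words_bits(n):.1f} bits")
```

The word-list figure applies only to words picked at random; a sentence a person makes up is more predictable than that estimate.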