ma, 2007-09-03 kello 08:33 -0600, Wesley J. Landaker kirjoitti: > Especially when the most common response I've seen to a system saying > that a > password is not long enough is to start adding easily guessable extension > strings to the password the user already picked, NOT to sit back down and > think up a better, intrinsicly longer password:
That's true. Ideally, we would replace passwords with a better authentication system, but I'm not sure that's going to be feasible. If we decide to stick with short passwords (and I'm not opposing that, Steve's explanation of his strategy made sense to me), we should make sure that we keep the default install such that network access to the computer won't be possible. Then, if anyone installs openssh-server or something, it's their own fault. (If we wanted to be really evil, we would have openssh-server verify that a valid password is of high quality before it accepts it.) -- I am a werehuman. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
