> I apologize if my meaning was unclear; it was not meant to be rude. I > think that looking at only the power of modern CPUs - how long it > takes to crack a password - misses the point. If you enforce longer > passwords than people are comfortable with, you get weaker passwords > (or poor password management practices). It's the humans that matter, > not the machines.
OK, got the point. Sorry for the misunderstanding (I was thinking that you were suggesting the original proposer of this enforcement to get a better brain..:-)). For sure, this point is to be considered and, definitely, this is what I've personnally experienced in day to day life (user getting weak passwords when the length is enforced). Despite this, I still favor some enforcement on passwords and the legnth is part of the problem. I see this as a kind of "cultural" enforcement of the fact that passwords are important stuff and seeing us (Debian, often seen as the operating system of choice for hardcore geeks) being serious about this is something that I would find correct policy.
signature.asc
Description: Digital signature
