Mailinglist Archive: opensuse-factory (904 mails)

Re: [opensuse-factory] User and root defaults
  • From: Felix-Nicolai Müller <fnmueller@xxxxxxxxxxxx>
  • Date: Sun, 27 Apr 2008 12:11:41 +0200
  • Message-id: <4814515D.8030209@xxxxxxxxxxxx>

Stephan Kulow wrote:
| On Sunday, 27 April 2008, Felix-Nicolai Müller wrote:
|> some very bright and all-knowing light(s) at Novell thought this through
|> for us already (to the fullest and absolutely correct extent). What fool
|> are you to question those decisions? Don't you see that Ubuntu is the
|> way to go? It is by far and to utmost certainty the most usable and
|
| Weren't you the one suggesting to use sudo as secure default without any
| root password?
I was suggesting to use sudo in order to make the point that this is
worse than sudo and _even_ sudo would be the better way to go.
|
| Please give a reason why this should be different other than "user
| passwords are generally way weaker" - especially as you declare with
| this the exact reason why it's nonsense to ask for two passwords.
Having a weak user password is not the best thing, but it's bearable.
Having a weak root password is not a good idea at all. I have a
relatively weak user password (as most people do) because it is in fact
annoying to type in your 23 character user password each time you want
to log in. Depending on how you use sudo, this becomes even more annoying.
So it does make sense to ask for two passwords. It makes sense to show
the user that there is a root user and that there is a difference
between a normal user and root. It makes sense to the ones already
knowing there is root to let them know what the root password is.
You are focusing on those just clicking next (I assume from the line of
your argumentation). But those are exactly the users who do not care
about a weak password box.

Microsoft has realized that and worked around that in Vista. Security
normally comes with a trade-off in usability. This is just something the
user has to learn instead of being pampered into a dumb state. Why
should we make the same mistakes Microsoft has made in the past (and
already done away with it)?

| The user is much more
| likely to accept the "your password is weak" message box if this is
| the second password.

True, but they do not care about the first box either.
|
| Greetings, Stephan

Greetings
Felix