Mailinglist Archive: opensuse (4654 mails)

< Previous Next >
[opensuse] [feature-request] password strength meter in Yast (was: passwordless users in Yast)
  • From: "Alexey Eremenko" <al4321@xxxxxxxxx>
  • Date: Wed, 24 Jan 2007 23:39:07 +0200
  • Message-id: <7fac565a0701241339j46c65138g9978a027799561f8@xxxxxxxxxxxxxx>
You're right, I misread. I thought he wanted to run without a user account,
but he only wants his user account to not have a password

If he doesn't allow logins at all on his system, that might not be a security
hole, so that's not so bad as running as root

But it shouldn't be the default, the default should be to force it. At
present, it doesn't force a strong password, you can have the password
"hello", and yast will produce warnings about it but it will let you do it. I
don't think this is a bad thing

Yes, what I want, is that Yast allow me to create a user account, but
a passwordless one (currently impossible) during SUSE install. For
one-user (home) it's a non-problem as I trust people that I live with
(my family).

To balance the security model (i.e improve), I have an excellent idea:
"password-strength meter" for every new password created via Yast.

make some progress bar, that is black for no-password, red if password
is weak, yellow for moderate strength passwords and green for very
strong passwords.

This bar must be shown every time a new user is created (including
during SUSE setup),
or the password is changed via Yast.

-Alexey Eremenko.
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx

< Previous Next >
Follow Ups