Lew Wolfgang wrote:
Linda Walsh wrote:
Jeremy Leonard wrote:
I need to require users to use 2 caps, 2 lowercase, 2 special, and 2 numbers.
Wow....what's this for? Sounds like it would be a royal pain in the posterior....
Why so many special requirements? Isn't it more important for a user to have an unbreakable or unguessable password than to meet certain criteria of characters? Tell users just to use a "passphrase" instead of a password...and require 20 characters or more. Wouldn't that create a small amount of security? Who was it I saw recently...had a password that was a 20-30 digit prime-looking number.
Not only is this a PITA, it gives you less overall security. People can't memorize the passwords, so they have to write them down, and usually leave them in the vicinity of their monitor. If they don't write them down they use keyboard patterns rather than words/phrases. This makes it easier for a password cracker, just test for a fairly small subset of patterns.
Unfortunately, this is true.
The knuckleheads that come up with these requirements mean well, they just didn't do their homework. They can increase password entropy more by increasing length, rather than width. Just count the bits. Width requirements would make sense in the old days when passwords were limited to eight characters.
Regards, Lew
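
Counting the bits for the policy discussed in this thread, as an added example that is not part of any poster's message: it counts exactly how many 8-character passwords satisfy "2 caps, 2 lowercase, 2 special, 2 numbers" and compares that with an unrestricted 8-character password and a 20-character lowercase string. The class sizes (26/26/10/32, printable ASCII without space) are assumptions, and every figure assumes uniformly random choice, so each is an upper bound on what a human-chosen secret provides.

```python
import math
from itertools import product

# Assumed class sizes: printable ASCII without space (not stated in the thread).
CLASSES = {"upper": 26, "lower": 26, "digit": 10, "special": 32}


def policy_keyspace(length, min_per_class=2, classes=CLASSES):
    """Exact number of strings of `length` that contain at least
    `min_per_class` characters from every class."""
    sizes = list(classes.values())
    total = 0
    # Enumerate how many characters come from each class (a, b, c, d).
    for counts in product(range(min_per_class, length + 1), repeat=len(sizes)):
        if sum(counts) != length:
            continue
        # Multinomial coefficient: ways to assign positions to the classes.
        ways = math.factorial(length)
        for c in counts:
            ways //= math.factorial(c)
        # Choices of actual characters within each class.
        for c, size in zip(counts, sizes):
            ways *= size ** c
        total += ways
    return total


def bits(keyspace):
    """Entropy in bits of a uniform choice from `keyspace` options."""
    return math.log2(keyspace)


def uniform_bits(length, alphabet_size):
    """Entropy in bits of `length` characters drawn uniformly, no policy."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    alphabet = sum(CLASSES.values())  # 94 under the assumed class sizes
    rows = [
        ("8 chars, 2+2+2+2 policy", bits(policy_keyspace(8))),
        ("8 chars, no policy", uniform_bits(8, alphabet)),
        ("12 chars, 2+2+2+2 policy", bits(policy_keyspace(12))),
        ("20 chars, lowercase only", uniform_bits(20, 26)),
    ]
    for label, b in rows:
        print(f"{label:28s} {b:6.1f} bits")
```

At eight characters the composition rule removes several bits compared with an unrestricted password of the same length, while adding length raises the bound far more than widening the alphabet does.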