[BlueOnyx:06914] Re: Disable Strong Passwords
User Ernie
ernie at info.eis.net.au
Wed Apr 6 23:34:42 -05 2011
There is nothing wrong with the system suggesting if a password is strong or
weak in the programmers opinion, however a site administrator should
still be able to set what password they want. If a person can't remeber a
password because it's too hard, then they will either set it to auto entry,
or write it down on a postit note or something equally insecure.
BlueOnyx already locks out dictionary and other brute force attacks quite
well.
- Ernie.
> Weak passwords = system compromise.
> System compromise = lots of wasted time to fix
> Lots of wasted time to fix = big cost to sys-admin.
> Sys-admin costs need to be recovered from customers.
>
> Therefore: If user wants weak password, tell them there is a special
> plan that is available to cover the cost. The monthly cost is 4 times
> your normal monthly fee.
>
> (You don't have to fix everything with technology).
>
> Regards,
> Greg.
> _______________________________________________
> Blueonyx mailing list
> Blueonyx at blueonyx.it
> http://www.blueonyx.it/mailman/listinfo/blueonyx
>
More information about the Blueonyx
mailing list