[BlueOnyx:06920] Re: Disable Strong Passwords
PM
pm at nm.tm
Thu Apr 7 08:37:00 -05 2011
And there again I can get by with short local place names. Secure??? I think not
Wondering who decided this???
This type of 'baby sitting' is creeping into BO more and more under the banner of 'security'
----- Original Message -----
From: Tjerk Hacquebord
To: 'BlueOnyx General Mailing List'
Sent: Thursday, April 07, 2011 2:12 PM
Subject: [BlueOnyx:06919] Re: Disable Strong Passwords
That's exactly my problem with this implementation of the password check.
If only somewhere in the password there is a part of a dictionary word it will deny the password while this password could be very very safe.
Not the first topic about it..
Van: blueonyx-bounces at blueonyx.it [mailto:blueonyx-bounces at blueonyx.it] Namens Chris Comley
Verzonden: donderdag 7 april 2011 14:56
Aan: 'BlueOnyx General Mailing List'
Onderwerp: [BlueOnyx:06918] Re: Disable Strong Passwords
Pisses me off when I base a password *around* a word (to make it easier to remember than plain garbage) and it *insists* it's a dictionary based word. I mean something like "Fred&44Bloggs!+" which, face it, you're never going to guess, and it's never going to be found by a dictionary attack.
From: blueonyx-bounces at blueonyx.it [mailto:blueonyx-bounces at blueonyx.it] On Behalf Of Doug Harvey
Sent: 07 April 2011 13:35
To: BlueOnyx General Mailing List
Subject: [BlueOnyx:06917] Re: Disable Strong Passwords
I like the strong passwords. I just have one complaint. If I enter a password: jj%123456&abcdef or something similar, the system will reject it calling it a weak password. If I enter something like: K12345, then the system will call it a strong password.
Doug
On Thu, Apr 7, 2011 at 1:16 AM, Ken - Precision Web Hosting, Inc <kenlists at precisionweb.net> wrote:
----- Original Message -----
From: "User Ernie" <ernie at info.eis.net.au>
To: <blueonyx at blueonyx.it>
Sent: Wednesday, April 06, 2011 9:34 PM
Subject: [BlueOnyx:06914] Re: Disable Strong Passwords
> There is nothing wrong with the system suggesting if a password is strong
> or
> weak in the programmers opinion, however a site administrator should
> still be able to set what password they want. If a person can't remeber a
> password because it's too hard, then they will either set it to auto
> entry,
> or write it down on a postit note or something equally insecure.
>
> BlueOnyx already locks out dictionary and other brute force attacks quite
> well.
>
>
> - Ernie.
>
It's really a pain to have to get yourself off of blacklists because of
user=sales password=sales. Then the servers spams all night and you see it
in the morning.
Email software already remembers the passwords. Even the webmail can be set
to remember.
>>brute force attacks
If the password is too easy, then it takes so few tries to guess it, that
they are not blocked. I've had that happen multiple times.
----
Ken M
Precision Web Hosting, Inc.
http://www.precisionweb.net
_______________________________________________
Blueonyx mailing list
Blueonyx at blueonyx.it
http://www.blueonyx.it/mailman/listinfo/blueonyx
------------------------------------------------------------------------------
_______________________________________________
Blueonyx mailing list
Blueonyx at blueonyx.it
http://www.blueonyx.it/mailman/listinfo/blueonyx
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.blueonyx.it/pipermail/blueonyx/attachments/20110407/4a4c6346/attachment.html>
More information about the Blueonyx
mailing list