[BlueOnyx:09419] Re: Password Enforcement

[Chris Comley]

Well thanks for the input guys. The useful post was the one that says it
isn't possible without digging deep in the code. 

Not so helpful all the input about safe passwords, coz no, the users don't
get to choose their own, and *I* choose passwords for them which are both
secure and memorable. BQ's built-in system forces them to have passwords
which are secure but NOT memorable, and actually, not as secure as the one
I'd choose. 

For a simplified analysis of the problem, see

http://xkcd.com/936/

(well - you can't, coz of the blackout, but when you can, I hope I've picked
the correct panel!) 

-----Original Message-----
From: blueonyx-bounces at mail.blueonyx.it
[mailto:blueonyx-bounces at mail.blueonyx.it] On Behalf Of Robert Fitzpatrick
Sent: 06 January 2012 14:41
To: rodrigo at xnet.mx; BlueOnyx General Mailing List
Subject: [BlueOnyx:09329] Re: Password Enforcement

On 1/5/2012 9:43 AM, rodrigo ordonez wrote:
> I think creatin the user with the command line tools will avoid 
> cracklib
> 

Yes, I have used this a few times, just use 'passwd <user>', it will warn
you, but not keep you from using a "BAD" password. I will do that if I
believe a password is secure enough, but not for using weak passwords.

One thing I would like to note on this thread that would be *extremely*
helpful since implementing the strong password requirements. That is the
ability for users to reset their passwords. Although I cheer the
implementation since it has help tremendously with bots and the sort, the
ability to reset a password seems necessary with such requirements.

--Robert
--
Robert <robert at webtent.org>
_______________________________________________
Blueonyx mailing list
Blueonyx at mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx