[BlueOnyx:06919] Re: Disable Strong Passwords

Tjerk Hacquebord lists at hqmatics.nl
Thu Apr 7 08:12:05 -05 2011 

That's exactly my problem with this implementation of the password check.

If only somewhere in the password there is a part of a dictionary word it
will deny the password while this password could be very very safe.

Not the first topic about it..

 

 

Van: blueonyx-bounces at blueonyx.it [mailto:blueonyx-bounces at blueonyx.it]
Namens Chris Comley
Verzonden: donderdag 7 april 2011 14:56
Aan: 'BlueOnyx General Mailing List'
Onderwerp: [BlueOnyx:06918] Re: Disable Strong Passwords

 

Pisses me off when I base a password *around* a word (to make it easier to
remember than plain garbage) and it *insists* it's a dictionary based word.
I mean something like "Fred&44Bloggs!+" which, face it, you're never going
to guess, and it's never going to be found by a dictionary attack. 

 

From: blueonyx-bounces at blueonyx.it [mailto:blueonyx-bounces at blueonyx.it] On
Behalf Of Doug Harvey
Sent: 07 April 2011 13:35
To: BlueOnyx General Mailing List
Subject: [BlueOnyx:06917] Re: Disable Strong Passwords

 

I like the strong passwords. I just have one complaint.  If I enter a
password: jj%123456&abcdef or something similar, the system will reject it
calling it a weak password.  If I enter something like: K12345, then the
system will call it a strong password.

Doug



On Thu, Apr 7, 2011 at 1:16 AM, Ken - Precision Web Hosting, Inc
<kenlists at precisionweb.net> wrote:


----- Original Message -----
From: "User Ernie" <ernie at info.eis.net.au>
To: <blueonyx at blueonyx.it>
Sent: Wednesday, April 06, 2011 9:34 PM
Subject: [BlueOnyx:06914] Re: Disable Strong Passwords


> There is nothing wrong with the system suggesting if a password is strong
> or
> weak in the programmers opinion, however a site administrator should
> still be able to set what password they want.  If a person can't remeber a
> password because it's too hard, then they will either set it to auto
> entry,
> or write it down on a postit note or something equally insecure.
>
> BlueOnyx already locks out dictionary and other brute force attacks quite
> well.
>
>
> - Ernie.
>

It's really a pain to have to get yourself off of blacklists because of
user=sales password=sales.  Then the servers spams all night and you see it
in the morning.

Email software already remembers the passwords. Even the webmail can be set
to remember.

>>brute force attacks
If the password is too easy, then it takes so few tries to guess it, that
they are not blocked. I've had that happen multiple times.

----
Ken M
Precision Web Hosting, Inc.
http://www.precisionweb.net






_______________________________________________
Blueonyx mailing list
Blueonyx at blueonyx.it
http://www.blueonyx.it/mailman/listinfo/blueonyx

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.blueonyx.it/pipermail/blueonyx/attachments/20110407/cfdbcf58/attachment.html>

More information about the Blueonyx mailing list