That's exactly my problem with this implementation of the password check. If only somewhere in the password there is a part of a dictionary word it will deny the password while this password could be very very safe.
Not the first topic about it.. Van: [email protected] [mailto:[email protected]] Namens Chris Comley Verzonden: donderdag 7 april 2011 14:56 Aan: 'BlueOnyx General Mailing List' Onderwerp: [BlueOnyx:06918] Re: Disable Strong Passwords Pisses me off when I base a password *around* a word (to make it easier to remember than plain garbage) and it *insists* it's a dictionary based word. I mean something like "Fred&44Bloggs!+" which, face it, you're never going to guess, and it's never going to be found by a dictionary attack. From: [email protected] [mailto:[email protected]] On Behalf Of Doug Harvey Sent: 07 April 2011 13:35 To: BlueOnyx General Mailing List Subject: [BlueOnyx:06917] Re: Disable Strong Passwords I like the strong passwords. I just have one complaint. If I enter a password: jj%123456&abcdef or something similar, the system will reject it calling it a weak password. If I enter something like: K12345, then the system will call it a strong password. Doug On Thu, Apr 7, 2011 at 1:16 AM, Ken - Precision Web Hosting, Inc <[email protected]> wrote: ----- Original Message ----- From: "User Ernie" <[email protected]> To: <[email protected]> Sent: Wednesday, April 06, 2011 9:34 PM Subject: [BlueOnyx:06914] Re: Disable Strong Passwords > There is nothing wrong with the system suggesting if a password is strong > or > weak in the programmers opinion, however a site administrator should > still be able to set what password they want. If a person can't remeber a > password because it's too hard, then they will either set it to auto > entry, > or write it down on a postit note or something equally insecure. > > BlueOnyx already locks out dictionary and other brute force attacks quite > well. > > > - Ernie. > It's really a pain to have to get yourself off of blacklists because of user=sales password=sales. Then the servers spams all night and you see it in the morning. Email software already remembers the passwords. Even the webmail can be set to remember. >>brute force attacks If the password is too easy, then it takes so few tries to guess it, that they are not blocked. I've had that happen multiple times. ---- Ken M Precision Web Hosting, Inc. http://www.precisionweb.net _______________________________________________ Blueonyx mailing list [email protected] http://www.blueonyx.it/mailman/listinfo/blueonyx
_______________________________________________ Blueonyx mailing list [email protected] http://www.blueonyx.it/mailman/listinfo/blueonyx
