Oh, I see now that the fact that the installer shouldn't recommend changing one's password regularly was also reported previously, in bug #868869.

On 9/2/23 22:04, Jonathan Kamens wrote:

Nearly two years after Alejandro Colomar reported this issue, the Debian installer is still giving people this bad advice: "A good password will contain a mixture of letters, numbers and punctuation and should be changed at regular intervals."

Alejandro explained at length why this advice about what's /in/ the password is wrong, but he didn't address at all the other, perhaps even more significant reason why this is wrong: we now know, absolutely and unequivocally, that telling people to change their passwords regularly makes security worse rather than better.

I understand that Debian may not be the most security-focused Linux distribution, but can we please move Debian forward into the 21st Century on this issue, at least, by updating the messaging in the installer to give better advice?

Thank you.
