Benjamin Smee (strerror) wrote:
> lo,
>
> On Tuesday 17 January 2006 14:32, Paweł Madej wrote:
>
>>>At this moment I use standard authentication.
>
> No such thing. You mean you are using the authentication that Gentoo uses with
> a default style installation.
>
>>>I already don't have any
>>>plan of changing passwords,
>
> Then why are you worried about strong passwords?

I feel compelled to point out that 8-character passwords, no matter their composition, aren't really that strong anymore. Also, forcing users to use special characters and change passwords frequently only guarantees that they will write them down, often not in secure places.

You might consider having users use longer passwords (a passphrase). They're easier for a user to remember, so they're less likely to write them down. They're also far more resistant to brute force attacks and guessing.

Also consider that if you require two capital letters, 2 numbers, and 2 special characters, you've just reduced the number of possible 8-character passwords quite significantly.

It's usually very easy for a user to remember something like 'My child flies kites.' but if you make them use things like '^3!kX$1a' and force changes every couple of months, they *will* write it on a post-it note and stick it in their desk drawer or on their display.

-Mark
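
The counting behind the composition-rule point in the message above, as an added example that is not part of the original post. It assumes the 95 printable ASCII characters split into 26 upper, 10 digit, 33 special (space included) and 26 lower; the function names are hypothetical.

```python
from math import comb, log2

# Assumption (not from the post): alphabet is the 95 printable ASCII
# characters, split into upper, digit, special (space included) and lower.
ASCII = {"upper": 26, "digit": 10, "special": 33, "lower": 26}


def unrestricted(length, sizes=ASCII):
    """Number of strings of this length with no composition rule."""
    return sum(sizes.values()) ** length


def compliant(length, minimum=2, sizes=ASCII):
    """Strings with at least `minimum` upper, digit and special characters."""
    total = 0
    for u in range(minimum, length + 1):
        for d in range(minimum, length - u + 1):
            for s in range(minimum, length - u - d + 1):
                rest = length - u - d - s  # positions left for lowercase
                # Ways to pick which positions hold each class...
                layouts = comb(length, u) * comb(length - u, d) * comb(length - u - d, s)
                # ...times the ways to fill those positions.
                total += (layouts * sizes["upper"] ** u * sizes["digit"] ** d
                          * sizes["special"] ** s * sizes["lower"] ** rest)
    return total


def bits(count):
    """Size of a search space expressed in bits."""
    return log2(count)


if __name__ == "__main__":
    free, ruled = unrestricted(8), compliant(8)
    print(f"8 chars, no rule    : {bits(free):.1f} bits")
    print(f"8 chars, 2+2+2 rule : {bits(ruled):.1f} bits ({ruled / free:.1%} of the space)")
    # Character-by-character search only; word-list guessing is not modelled.
    phrase = "My child flies kites."
    print(f"{len(phrase)} chars, no rule   : {bits(unrestricted(len(phrase))):.1f} bits")
```
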
