Bob Lord wrote:
> Andreas Premstaller wrote:
>
>> I don't see the need to count characters, numbers, ... in a password.
>> A user usually/hopefully chooses a password she/he can remember, and
>> if the user can remember it, I guess she/he is also able to count
>> the characters.
>> If you want to tell the user how to choose as good password, maybe a
>> section in the help explaining how you measure that is better.
>
> Robert Bihlmeyer also suggested this approach, and I agree. The
> quality meter is enough. We can add some text clearly explaining how
> to choose better passwords.
IMO, we should protect users from using passwords like the nickname of
the wife or birthdays. Help text is not enough.
>> How should a user find out that some clever math wiz was able to
>> crack that cipher? Is mozilla/netscape/somebodyelse going to send an
>> email to every user?
>
(Beonex would do that, to the users we know.)
> If someone were to break one of these ciphers, you'd read about it in
> popular press along with alarmist quotes about how the future of
> ecommerce is in doubt.
lol
> You'd hear about it. :-) And you'd want a very simple way of
> turning the offending cipher off.
Right, one that can be mentioned on the press article.
But you could argue that "Download version n.m of Netscape 6" is also
sufficently easy and also acceptable, considering that something like
that doesn't exactly happen each month.
