Ben Bucksch wrote:
> Bob Lord wrote:
>
>> Andreas Premstaller wrote:
>>
>>> I don't see the need to count characters, numbers, ... in a password.
>>> A user usually/hopefully chooses a password she/he can remember, and
>>> if the user can remember it, I guess she/he is also able to count
>>> the characters.
>>> If you want to tell the user how to choose a good password, maybe a
>>> section in the help explaining how you measure that is better.
>>
>>
>> Robert Bihlmeyer also suggested this approach, and I agree. The
>> quality meter is enough. We can add some text clearly explaining how
>> to choose better passwords.
>
>
> IMO, we should protect users from using passwords like the nickname of
> the wife or birthdays. Help text is not enough.

Ben, it definitely is a good thing to educate users to choose good
passwords. A smart algorithm for the quality meter (as will be or is
already used in mozilla, right, Bob ;-)?) will use non-alpha-characters,
uppercase, ... (the "entropy" of the password) to calculate the quality
of the password. The usual nickname will automatically turn out as a bad
password then. I guess you did not want to suggest to check against
dictionaries?

>>> How should a user find out that some clever math wiz was able to
>>> crack that cipher? Is mozilla/netscape/somebodyelse going to send an
>>> email to every user?
>>
>>
> (Beonex would do that, to the users we know.)

That's definitely a good reason to use Beonex.

>> If someone were to break one of these ciphers, you'd read about it in
>> popular press along with alarmist quotes about how the future of
>> ecommerce is in doubt.
>
> lol
>
>> You'd hear about it. :-) And you'd want a very simple way of
>> turning the offending cipher off.
>
> Right, one that can be mentioned on the press article.

Bob, by popular press, do you mean computer magazine or newspaper? I
doubt you find instructions to turn something on or off in a browser in
a regular newspaper. On the other hand, a computer magazine can as
easily publish a line to add to a pref file.

> But you could argue that "Download version n.m of Netscape 6" is also
> sufficiently easy and also acceptable, considering that something like
> that doesn't exactly happen each month.

...and that is also what people are used to from IE :-).
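
An added example, not part of the thread and not Mozilla's or Netscape's meter code: a character-class quality meter of the kind discussed above, with the optional word-list check that the thread asks about. The function names, the class pool sizes, the 80-bit full-score threshold and the sample passwords are all assumptions made for illustration.

```javascript
// Added illustration; names, pool sizes and threshold are assumptions.
// Printable ASCII classes: 26 + 26 + 10 + 33 = 95 characters.
// Anything outside a-z, A-Z, 0-9 (including non-ASCII) counts as "symbol".
const CLASSES = [
  { re: /[a-z]/, size: 26 },
  { re: /[A-Z]/, size: 26 },
  { re: /[0-9]/, size: 10 },
  { re: /[^a-zA-Z0-9]/, size: 33 },
];

// Upper bound on entropy in bits: length * log2(size of the classes in use).
// It assumes every character is picked at random, so it overestimates
// anything a person chose because it is memorable.
function estimateBits(password) {
  const pool = CLASSES.reduce(
    (n, c) => n + (c.re.test(password) ? c.size : 0), 0);
  return pool === 0 ? 0 : password.length * Math.log2(pool);
}

// Assumed threshold: this many bits or more gives a full meter.
const FULL_SCORE_BITS = 80;

// Meter value 0..100. knownWords is an optional list of dictionary or
// personal words (names, dates); an exact case-insensitive match scores 0.
function quality(password, knownWords = []) {
  const lowered = password.toLowerCase();
  if (knownWords.some((w) => w.toLowerCase() === lowered)) return 0;
  const pct = (estimateBits(password) / FULL_SCORE_BITS) * 100;
  return Math.min(100, Math.round(pct));
}

// Constructed sample inputs: a nickname, a date, a mixed-class password.
for (const pw of ["schatzi", "Schatzi", "19730412", "Tr4in-Window!9"]) {
  console.log(pw, Math.round(estimateBits(pw)), "bits, meter",
    quality(pw), "with word list", quality(pw, ["schatzi", "19730412"]));
}
```
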