On 12/30/2013 02:55 PM, li-zheming wrote: > hi all: > when create user, you can set user password. You can set password > as a simple word 'a'. the > password is too simple but not limit. if someone want to steal your > password, it is so easily(such as exhaustion). > I consider that it must be limited when set password, like this: > 1. inlcude uppper and lower letters > 2. include nums > 3. include particular symbol,such as '_','&' > 4. the length>8 > administor can set the password rule.
Hi, If you want to check for password complexity, do it the correct way. I'm used to *always* use a password generator that uses only lower case, and removes chars that can be confused with one another, so that you don't have l and 1, or O and 0 in my passwords. Yet, they are high entropy and long. If you just force me to add upper+lower case and add symbols, then you are just annoying me even with my very good passwords. > I want to provide a BP about this issue. can you give me some advice > or ideas?? Please use a password entropy function. Something like this: https://pypi.python.org/pypi/cracklib Thomas _______________________________________________ OpenStack-dev mailing list [email protected] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
