On Mon, Dec 30, 2013 at 11:15:06PM +0800, Thomas Goirand wrote:
> On 12/30/2013 02:55 PM, li-zheming wrote:
> > hi all:
> > When you create a user, you can set the user's password. You can set
> > the password to a simple word such as 'a'. The password is too simple,
> > but there is no limit. If someone wants to steal your password, it is
> > so easy (such as by exhaustion).
> > I consider that it must be limited when setting a password, like this:
> > 1. include upper and lower letters
> > 2. include nums
> > 3. include particular symbols, such as '_', '&'
> > 4. the length > 8
> > The administrator can set the password rule.
>
> Hi,
>
> If you want to check for password complexity, do it the correct way. I'm
> used to *always* use a password generator that uses only lower case, and
> removes chars that can be confused with one another, so that you don't
> have l and 1, or O and 0 in my passwords. Yet, they are high entropy and
> long. If you just force me to add upper+lower case and add symbols, then
> you are just annoying me even with my very good passwords.
>
> > I want to provide a BP about this issue. Can you give me some advice
> > or ideas?
>
> Please use a password entropy function. Something like this:
> https://pypi.python.org/pypi/cracklib
>
> Thomas
>
> _______________________________________________
> OpenStack-dev mailing list
> [email protected]
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

I agree with this, if there is a check, it should check general safety,
rather than expect to fulfill all conditions. If I have a 50-letter pass
(and I do, using full sentences is quite convenient), don't force me to
have numbers or symbols in it, it's already way harder to crack than an
8-char word with a capital, a number, and a non-alphanumerical char.

-- 
Gabriel Pettier
Software Engineer at CloudWatt.com
06 85 10 36 34
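
As an added example that is not part of the original thread or of any OpenStack code: the composition rules proposed in the first message next to a length-times-alphabet estimate of the exhaustive-search space, run on constructed sample passwords. The 60-bit threshold, the function names and the samples are assumptions, and the estimate is only an upper bound: it does not detect dictionary words, which is what a library such as cracklib adds.

```python
import math
import string

MIN_BITS = 60  # assumed policy threshold, not a value from the thread

# Constructed sample passwords (illustrative only).
SENTENCE = "the quick brown fox jumps over the lazy dog at six"  # 50 chars
SAMPLES = ["a", "Passw0rd_", "kqzhwmvcxetyurbnagfd", SENTENCE]

_CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
            string.digits, string.punctuation, " ")


def meets_composition_rules(password: str) -> bool:
    """Rules from the first message: upper, lower, digit, symbol, length > 8."""
    return (len(password) > 8
            and any(c.islower() for c in password)
            and any(c.isupper() for c in password)
            and any(c.isdigit() for c in password)
            and any(c in string.punctuation for c in password))


def search_space_bits(password: str) -> float:
    """Upper bound on exhaustive-search cost: length * log2(alphabet size)."""
    if not password:
        return 0.0
    # Alphabet = every character class the password draws from.
    alphabet = sum(len(cls) for cls in _CLASSES
                   if any(c in cls for c in password))
    # Characters outside the listed classes each add one symbol.
    alphabet += len({c for c in password
                     if not any(c in cls for cls in _CLASSES)})
    return len(password) * math.log2(alphabet)


def meets_entropy_rule(password: str) -> bool:
    return search_space_bits(password) >= MIN_BITS


if __name__ == "__main__":
    for pw in SAMPLES:
        print(f"{pw[:20]!r:24} composition={meets_composition_rules(pw)!s:5} "
              f"bits={search_space_bits(pw):6.1f} "
              f"entropy_ok={meets_entropy_rule(pw)}")
```

The 9-character password that satisfies every composition rule stays under the threshold, while the lower-case generator output and the 50-character sentence fail the composition rules yet clear it by a wide margin.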
