https://bugzilla.wikimedia.org/show_bug.cgi?id=16435
--- Comment #4 from Mike.lifeguard <[email protected]> 2009-02-19 17:41:33 UTC ---
(In reply to comment #3)
> Since there's a captcha after 3 attempts and a temporary lockout after 3 (or
> so) more attempts, I'm not sure if it's a good idea to enforce that much brute
> force or dictionary resistant passwords.
> Too strong passwords would be difficult for the users to remember.
> What about just letting the user know about his/her password strength ?
>

Yes, that'd be nice too. I know of several sites which have a password strength
indicator beside the input which changes as you're typing from "empty" in grey
-> "weak" in red -> "OK" in yellow -> "strong" in green using AJAX.

> However, since the compromised accounts passwords were either the same as the
> login or just "password", those are basic rules to improve password strength
> (they are probably already active).
>

I'm not sure what you mean here... Are there already restrictions on using
"password" as the password, or using your username as the password? That's good,
but we can do better.
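The indicator and the two basic rules discussed in this comment, as an added example that is not part of the original bug report or MediaWiki code. The function names, the character-pool estimate and the 40/60-bit thresholds are assumptions chosen for illustration; the labels, colours and the username/"password" rules come from the thread.

```javascript
// Added example: labels and colours follow the comment; thresholds are assumed.
const LEVELS = {
  empty:  { label: "empty",  colour: "grey"   },
  weak:   { label: "weak",   colour: "red"    },
  ok:     { label: "OK",     colour: "yellow" },
  strong: { label: "strong", colour: "green"  },
};

// Constructed deny list; "password" is the value named in the thread.
const DENYLIST = new Set(["password"]);

// Rough search-space estimate in bits:
// length * log2(size of the character classes the password draws from).
function estimateBits(password) {
  let pool = 0;
  if (/[a-z]/.test(password)) pool += 26;
  if (/[A-Z]/.test(password)) pool += 26;
  if (/[0-9]/.test(password)) pool += 10;
  if (/[^a-zA-Z0-9]/.test(password)) pool += 33;
  return pool === 0 ? 0 : password.length * Math.log2(pool);
}

// Returns one of LEVELS for the current contents of the password field.
function passwordStrength(username, password) {
  if (password.length === 0) return LEVELS.empty;

  // Compare case-insensitively after Unicode normalisation so that
  // "Mike" / "mike" or "PASSWORD" do not slip past the basic rules.
  const p = password.normalize("NFKC").toLowerCase();
  const u = username.normalize("NFKC").toLowerCase();

  // The two cases from the compromised accounts:
  // password equal to the login, or just "password".
  if (p === u || DENYLIST.has(p)) return LEVELS.weak;

  const bits = estimateBits(password);
  if (bits < 40) return LEVELS.weak;   // assumed threshold
  if (bits < 60) return LEVELS.ok;     // assumed threshold
  return LEVELS.strong;
}
```

A client-side indicator like this is advisory only; the username and deny-list checks have to be repeated on the server when the password is set.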
