> > I think Steven meant upping the requirements for new accounts only. In that > way nothing gets broken immediately. I'm still not absolutely convinced > this is more useful than a hindrance if we clearly inform the user about > password strength when they set them (see my earlier post about "this > password can be brute forced in x"). If users are then not deterred from > setting their password to "wiki", apparently they didn't care, as we told > them how easy it is to brute force. >
I think such statistics are misleading. Why would an attacker use brute force over a dictionary attack? -bawolff _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
