> <brion> "aaaaaaaaaaaaaaaaaaaaaaaa" ain't secure > <TimStarling> "password" isn't secure either, and that's 8 > > It seems to me that a pretty secure approach would be to have the system > give the user his 8-12 character password, rather than letting him pick a > password. Then we can be assured that he's not doing stuff like "p@ssword" > to meet the complexity requirements.
Well if we are going to go down that road, requring public/private key pairs would also be more secure. However i doubt either would be acceptable to users. -bawolff _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
