Re: Heads up - Anaconda 22.17 will enforce 'good' passwords

On Thu, Feb 5, 2015 at 10:36 AM, Brian C. Lane <bcl@xxxxxxxxxx> wrote:

> Next to impossible? Really? I've found it easy to come up with passwords
> that work.

You think this is easy. Others don't. It's a condescending,
pointless, and unwinnable argument, and it needs to stop.

I tried anaconda 22.17. I failed to produce an acceptable 8 character
password, and tolerated a 10 character one to appease the installer,
which was promptly forgotten 1/2 an hour later. While humorous, it
also pissed me off. That's not a good UX by definition but I know you
tend to discard negative UX whenever you disagree with the actions of
the user.

> I don't think we should make it act differently. While the change
> request for sshd setup was the initial reason I wrote the changes, I
> think that ALL passwords on the system need to be strong these days.

You keep trying to frame this as weak vs strong passwords, and that's
simply wrong. It's a very weak vs weak password difference, yet it
comes with a disproportionate burden on the user. Every single device
I own, and even ATMs I don't own, have better security and a truly
easy UX than this policy proposes.

> I don't find any of the arguments against the change to be compelling.

I also notice how many times you defend this policy change with "I".
You find it easy, you think it's needed, you find others' arguments
uncompelling. It's just more of the same casting aside of user
opinions that you merely disagree with. And disagreement with the
opinions of others isn't a defense that withstands scrutiny.

Do you find it conspicuous that in a ~70 email thread that no one
except you has posted in favor of the change? The strongest statement
in favor of it that I've read, other than yours, is from sgallagh, in
the Server WG meeting minutes. [1]

16:34:28 <sgallagh> A more reasonable approach would be to just
enforce a better root password (not more complex, just longer)

Adamw's hyperbole notwithstanding, his sentiment in that same meeting
is compatible with mine: quit job, and buy a yak farm instead of
typing long passwords a dozen fking times a day.

I surmise the Server WG would reject the current behavior in 22.17
also due to the (capricious) complexity required, and if so there
wouldn't be a misalignment requiring separate behavior between Server
and Workstation.

> We should be
> encouraging them to choose stronger passwords and we should remember
> that we're not the only people running Fedora.

Encourage: - give support and advice to (someone) so that they will do
or continue to do something
Coerce:  - persuade (an unwilling person) to do something by using
force or threats

22.17 forces me to use a weak instead of very weak password, or I'm
disallowed from installing. That behavior meets the definition of
coercion, not encouragement.


[1]
http://meetbot.fedoraproject.org/fedora-meeting-1/2015-01-13/fedora-meeting-1.2015-01-13-16.00.log.html


-- 
Chris Murphy

_______________________________________________
Anaconda-devel-list mailing list
Anaconda-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/anaconda-devel-list



