Re: FAS password complexity requirements

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 17 Mar 2011 20:58:36 -0400
Ricky Zhou <ricky@xxxxxxxxxxxxxxxxx> wrote:

> Hey, so we discussed in the meeting, FAS's password requirements are
> currently very lax - just a minimum length of 8 characters.  What do
> we think the requirements should be changed to?
> 
> One possible strength checker that I mentioned during the meeting was:
> http://www.nongnu.org/python-crack/
> 
> This can use a dictionary to detect weak passwords.
> 
> Thoughts?

I think a bit of requirements could be good here. 

What are the requirements used by anaconda/passwd? 
Many fedora folks should be used to those. pam_cracklib defaults to 8
char I think (man pam_cracklib), but not sure on which other things it
gates. 

- forbid the login in the password (either forward or backward)
- 8 chars
- at least 1 upper case
- at least 1 special char

Or the like. I think having some requirements is good... 

kevin

Attachment: signature.asc
Description: PGP signature

_______________________________________________
infrastructure mailing list
infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/infrastructure

[Index of Archives]     [Fedora Development]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]

  Powered by Linux