On Sat, Mar 19, 2011 at 17:49:19 -0600, Kevin Fenzi <kevin@xxxxxxxxx> wrote: > On Thu, 17 Mar 2011 20:58:36 -0400 > Ricky Zhou <ricky@xxxxxxxxxxxxxxxxx> wrote: > > > Hey, so we discussed in the meeting, FAS's password requirements are > > currently very lax - just a minimum length of 8 characters. What do > > we think the requirements should be changed to? > > > > One possible strength checker that I mentioned during the meeting was: > > http://www.nongnu.org/python-crack/ > > > > This can use a dictionary to detect weak passwords. > > > > Thoughts? > > I think a bit of requirements could be good here. We are looking at this issue at work as we are going to need to have around a couple hundred people here at InCommon silver in about 18 months. (And probably more not too long after that.) One nice document on password complexity is in appendix A of the document at: http://csrc.nist.gov/publications/nistpubs/800-63/SP800-63V1_0_2.pdf This should at least give you guys some things for thought. _______________________________________________ infrastructure mailing list infrastructure@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/infrastructure
