> I would consider the following to be good interaction:
>
> For a password like: Troubadour1&
>
> """
> Your password failed a complexity check, estimated entropy: 17 bits, password
> pattern detected: dictionary word with simple modifications (capitalise,
> suffix-1, suffix-symbol). This system requires passwords with at least 20
> bits
> of entropy.
That ends up saying “too bad, try something else” like we already do, except there are more scary words ☺ Showing the pattern that was detected does nothing to show _other_ patterns that will also not be allowed.
> If nobody else is looking at your screen, you can use one of the following
> random passwords:
> red mist
> second wanted degree
> however ready respect using
> """
Now this is an useful idea. We should have this. (The required never-ending nowhere-leading discussion about what the recommendations should look like notwithstanding.)
Mirek
--
security mailing list
security@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/security
