On Tue, Oct 11, 2016 at 09:15:12AM +0200, Björn Persson wrote: > Zbigniew Jędrzejewski-Szmek <zbyszek@xxxxxxxxx> wrote: > > Yes. The hint that "this passphrase is weak" is very useful. But > > enforcing any policy is just too inflexible. I just tried to explain > > (unsuccessfully) to a kid (2nd grade, so any "strong" password would > > simply be immediately forgotten) why she cannot change the password in > > the gnome dialogue, and it was a total waste of time. > > Is a second-grader actually unable to remember "correct horse battery > staple"? I strongly doubt that. Spell it, maybe not, but surely she > could remember a four-word string? A pass*phrase* like that is certainly much more feasible than a pass*word*. But I still think it'd be an effort, for example I'd estimate a 50-50 chance of a passphrase being forgotten over a two week break. And as for the spelling, notice the double-r and double-t, those would be a source of trouble ;) Without any feedback and only three tries, this would be rather frustrating. Zbyszek _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
