On Tue, 11 Oct 2016 08:35:35 +0000 Zbigniew Jędrzejewski-Szmek <zbyszek@xxxxxxxxx> wrote: > On Tue, Oct 11, 2016 at 09:15:12AM +0200, Björn Persson wrote: > > Zbigniew Jędrzejewski-Szmek <zbyszek@xxxxxxxxx> wrote: > > > Yes. The hint that "this passphrase is weak" is very useful. But > > > enforcing any policy is just too inflexible. I just tried to > > > explain (unsuccessfully) to a kid (2nd grade, so any "strong" > > > password would simply be immediately forgotten) why she cannot > > > change the password in the gnome dialogue, and it was a total > > > waste of time. > > > > Is a second-grader actually unable to remember "correct horse > > battery staple"? I strongly doubt that. Spell it, maybe not, but > > surely she could remember a four-word string? > > A pass*phrase* like that is certainly much more feasible than a > pass*word*. But I still think it'd be an effort, for example I'd > estimate a 50-50 chance of a passphrase being forgotten over a two > week break. > > And as for the spelling, notice the double-r and double-t, those would > be a source of trouble ;) Without any feedback and only three tries, > this would be rather frustrating. How about a phrase she will remember, and will take pleasure in typing? ;-) "you are a good girl" or variation. Does she have a favorite passage in a book she reads? _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
