
List:       gnupg-users
Subject:    Re: A better way to think about passwords
From:       Nicholas Cole <nicholas.cole () gmail ! com>
Date:       2011-04-21 11:09:50
Message-ID: BANLkTimvYnuCA6HF9K+Y++mVQ4RtAuHiSA () mail ! gmail ! com

Isn't the real problem that *any* policy (suggested or enforced)
reduces the complexity of guessing a password?  The moment you start
saying "pick three words separated by a space or dash" or "pick eight
random letters" or the like you make it easier to attack a password.
My employer insists on passwords that meet a defined and public set of
criteria.  I'm sure that in theory that actually makes them easier to
crack, since many millions of possibilities can be discounted.

In short: don't force a particular strategy on your users.  Much
better to explain to users the general problem, and then leave it up
to them to pick a password.

Nicholas
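
The size of the effect described in the message above can be computed directly. This is an added example, not part of the original message: it counts how many passwords a composition policy removes from the search space, using inclusion-exclusion. The 94-character printable-ASCII alphabet, the 8-character length and the "at least one of each class" rule are assumptions, since the message does not state the employer's criteria.

```python
from itertools import combinations
from math import log2

# Assumed character classes (printable ASCII); not taken from the message.
CLASSES = {"lower": 26, "upper": 26, "digit": 10, "symbol": 32}


def total_space(length, classes=CLASSES):
    """Number of passwords of this length with no policy at all."""
    return sum(classes.values()) ** length


def policy_space(length, required, classes=CLASSES):
    """Number of passwords containing at least one character from every
    class in `required`, counted by inclusion-exclusion over the sets of
    required classes that are entirely absent."""
    alphabet = sum(classes.values())
    count = 0
    for k in range(len(required) + 1):
        for missing in combinations(required, k):
            excluded = sum(classes[c] for c in missing)
            count += (-1) ** k * (alphabet - excluded) ** length
    return count


def bits_lost(length, required, classes=CLASSES):
    """Entropy (in bits) a public policy removes for a uniformly random
    password, relative to the unrestricted space."""
    return log2(total_space(length, classes)) - log2(
        policy_space(length, required, classes)
    )


if __name__ == "__main__":
    length = 8  # assumed policy length
    required = list(CLASSES)  # assumed rule: one of each class
    total = total_space(length)
    allowed = policy_space(length, required)
    print(f"unrestricted : {total:,}")
    print(f"policy allows: {allowed:,}")
    print(f"discounted   : {total - allowed:,}")
    print(f"bits lost    : {bits_lost(length, required):.2f}")
```

The count only covers uniformly random passwords; human-chosen passwords are not uniform, so the number is a bound on what the policy itself gives away, not a measure of any real password's strength.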
