On 5/7/07, Mark Ryan <ultrablue(a)gmail.com> wrote:
> On 07/05/07, Blu Aardvark <jeffrey.latham(a)gmail.com> wrote:
>> In addition, it should be entirely disallowed for a user to create a
>> password containing the string "password" or that is identical to their
>> username.
>
> I agree entirely, except I think, for longer usernames at least, it
> should not *contain* their username. But that sorta gets stuffed up
> when people have like [[User:A]]. :-\

If we can get consensus to do it we could run a password cracker on
all the hashes of the sysops' passwords... desysop the inactive ones
with weak passwords, and quietly email the active ones with weak
passwords and tell them to pick better ones.
Ultimately it would be nice if we had a password strength checker ...
but doing this would address the immediate need.
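
The rules proposed in this thread, written as a check that runs when a password is set. This is an added example, not code from the thread or from any wiki software; the function names, the sample usernames and the four-character threshold for the "contains username" rule are assumptions.

```python
import unicodedata

# Assumption: usernames shorter than this are exempt from the "contains"
# rule; otherwise a user named "A" could never use a password with an "a".
MIN_USERNAME_LEN_FOR_CONTAINS = 4
BANNED_SUBSTRINGS = ("password",)


def _norm(s: str) -> str:
    """Fold case and Unicode compatibility forms before comparing, so
    'PassWord' and full-width look-alikes match their plain spelling."""
    return unicodedata.normalize("NFKC", s).casefold().strip()


def check_password(username: str, password: str) -> list[str]:
    """Return the rule violations; an empty list means the password passes."""
    user, pw = _norm(username), _norm(password)
    problems = []
    for banned in BANNED_SUBSTRINGS:
        if banned in pw:
            problems.append(f'contains "{banned}"')
    if pw == user:
        # Applies to every username, however short.
        problems.append("identical to username")
    elif len(user) >= MIN_USERNAME_LEN_FOR_CONTAINS and user in pw:
        problems.append("contains username")
    return problems


if __name__ == "__main__":
    # Constructed sample accounts and passwords.
    samples = [
        ("A", "banana-Tr33house"),             # short name: contains rule skipped
        ("A", "a"),                            # still caught as identical
        ("ExampleSysop", "xEXAMPLESYSOPx9"),   # case-insensitive containment
        ("ExampleSysop", "MyPassword1"),       # banned string
    ]
    for user, pw in samples:
        print(f"{user!r:16} {pw!r:20} -> {check_password(user, pw) or 'ok'}")
```
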