On 5/8/07, Mark Wagner carnildo@gmail.com wrote:
> On 5/6/07, Blu Aardvark jeffrey.latham@gmail.com wrote:
> > I'd like to see some changes to the password system. As it is, there are *no* restrictions on allowed passwords, as long as it is at least one character in length.
> > Passwords should be /required/ to be at least six characters in length and contain at least one letter and one number.
>
> Bugger that. My standard forum password meets those requirements, but is still incredibly weak. My Wikipedia password does *not* meet those requirements, but is much stronger, and has the added bonus that I can remember it.
> -- Mark [[User:Carnildo]]

Carnildo is right. If you had to pick a different password for absolutely every site you visit, you either forget it, or run into problems trying to store it somehow. Requiring people to use numbers just adds a few options to the list of possible passwords, but if the hacker spends enough time on it, that password is no safer. We should somehow try to notice multiple failed logins and warn the targeted user about what is happening if it happens again.
Mgm
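
One way to implement the failed-login notice suggested in the last message, as an added example that is not part of the original thread or of any Wikipedia software. The threshold, the window, the account names and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy values for this example; the thread does not specify any.
THRESHOLD = 5
WINDOW = timedelta(minutes=10)

# Constructed sample events: (ISO timestamp, account, source address, outcome).
SAMPLE_EVENTS = [
    ("2007-05-08T10:00:00", "ExampleUser", "192.0.2.10", "fail"),
    ("2007-05-08T10:00:20", "ExampleUser", "192.0.2.10", "fail"),
    ("2007-05-08T10:00:40", "ExampleUser", "192.0.2.11", "fail"),
    ("2007-05-08T10:01:00", "OtherUser", "198.51.100.7", "fail"),
    ("2007-05-08T10:01:10", "ExampleUser", "192.0.2.10", "fail"),
    ("2007-05-08T10:01:30", "ExampleUser", "192.0.2.11", "fail"),  # 5th: warn
    ("2007-05-08T10:01:50", "ExampleUser", "192.0.2.10", "fail"),  # held back
    ("2007-05-08T10:02:00", "OtherUser", "198.51.100.7", "ok"),
    ("2007-05-08T10:30:00", "ExampleUser", "203.0.113.5", "fail"),  # old ones expired
]

def failed_login_warnings(events, threshold=THRESHOLD, window=WINDOW):
    """Return one warning per account each time failures reach the threshold
    inside the sliding window; repeat warnings are held back for one window."""
    recent = defaultdict(deque)   # account -> deque of (time, source)
    last_warned = {}              # account -> time of the last warning
    warnings = []
    for stamp, account, source, outcome in sorted(events):
        if outcome != "fail":
            continue              # a success does not erase earlier failures
        now = datetime.fromisoformat(stamp)
        queue = recent[account]
        queue.append((now, source))
        while queue and now - queue[0][0] > window:
            queue.popleft()       # drop failures that fell out of the window
        quiet = account in last_warned and now - last_warned[account] <= window
        if len(queue) >= threshold and not quiet:
            last_warned[account] = now
            warnings.append({
                "account": account,
                "at": stamp,
                "failures": len(queue),
                "sources": sorted({src for _, src in queue}),
            })
    return warnings

if __name__ == "__main__":
    for warning in failed_login_warnings(SAMPLE_EVENTS):
        print(warning)
```

Counting per account rather than per source address means guesses spread across several addresses still add up, and the warning lists those addresses so the account owner can see where the attempts came from.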