On 5/7/07, Mark Ryan ultrablue@gmail.com wrote:
On 07/05/07, Blu Aardvark jeffrey.latham@gmail.com wrote:
In addition, it should be entirely disallowed for a user to create a password containing the string "password" or that is identical to their username.
I agree entirely, except I think, for longer usernames at least, it should not *contain* their username. But that sorta gets stuffed up when people have like [[User:A]]. :-\
If we can get consensus to do it, we could run a password cracker on all the hashes of the sysops' passwords... desysop the inactive ones with weak passwords, and quietly email the active ones with weak passwords and tell them to pick better ones.
Ultimately it would be nice if we had a password strength checker ... but doing this would address the immediate need.
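
The rules proposed in this thread, sketched as a check run when a password is set. This is an added example, not part of the original messages and not any project's own code. The function names, the 4-character cutoff for "longer usernames", and the folding of spaces and underscores are assumptions.

```python
from __future__ import annotations

import unicodedata

# Assumed cutoff: usernames shorter than this are only compared for
# equality. Without it, a one-letter name such as [[User:A]] would
# reject every password that contains the letter "a".
MIN_USERNAME_LEN_FOR_CONTAINMENT = 4

# Strings a password may not contain (the thread names "password").
BANNED_SUBSTRINGS = ("password",)


def _fold(text: str) -> str:
    """Normalize for comparison: NFKC, case-folded, spaces/underscores dropped."""
    text = unicodedata.normalize("NFKC", text).casefold()
    return text.replace("_", "").replace(" ", "")


def password_policy_violations(username: str, password: str) -> list[str]:
    """Return the list of rules the password breaks (empty list = accepted)."""
    user = _fold(username)
    pw = _fold(password)
    violations = []

    for banned in BANNED_SUBSTRINGS:
        if banned in pw:
            violations.append(f"contains '{banned}'")

    if user and pw == user:
        # Applies to every username, however short.
        violations.append("identical to username")
    elif len(user) >= MIN_USERNAME_LEN_FOR_CONTAINMENT and user in pw:
        # Containment is only meaningful for longer usernames.
        violations.append("contains username")

    return violations


if __name__ == "__main__":
    # Constructed sample inputs.
    for name, pw in [("A", "banana-Split-42"), ("A", "a"),
                     ("Mark Ryan", "xMarkRyan2007"), ("Someone", "MyPassword1")]:
        print(name, repr(pw), password_policy_violations(name, pw))
```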