On 0, Charlotte Webb charlottethewebb@gmail.com scribbled:
On 5/8/07, doc doc.wikipedia@ntlworld.com wrote:
Seems like overkill. If crats simply ask successful candidates to confirm that they have a compliant password *before* sysopping them, then the problem is solved.
If they just nod "yes" because they can't be bothered to change their passwords to something other than "fuckyou" or "Password1" or whatever, we will eventually be right back where we started.
I don't see how we could put much faith into a security measure that is no more sophisticated than "taking their word for it".
As Reagan liked to say, 'Trust but verify.' What's wrong with taking their word for it and then periodically running the cracker whenever the servers are not busyy?
-- Gwern Inquiring minds want to know.