That's a good point, and I'll admit I didn't consider that. Nonetheless, I do still hold that passwords should be required to be six characters in length (maybe not requiring alphanumeric combinations), and that certain common insecure passwords (and their variants) should be disabled from a technical level.
As it is, a one-character password is perfectly valid. It's also as insecure as all get-out.
Ken Arromdee wrote:
On Sun, 6 May 2007, Blu Aardvark wrote:
Passwords should be /required/ to be at least six characters in length and contain at least one letter and one number. Most other popular sites do at least this. (If such a change were made, users with passwords not meeting this requirement could be prompted to change theirs upon the next login.)
Which means they'll *have* to use the same password on multiple web sites. It's just impossible for a human being to dozens of different arbitrary sequences of characters needed to get around on the net these days.
You can choose between crackable passwords, and passwords that anyone who runs a web forum and logs passwords can just type in. There are no other options.
WikiEN-l mailing list WikiEN-l@lists.wikimedia.org To unsubscribe from this mailing list, visit: http://lists.wikimedia.org/mailman/listinfo/wikien-l