Steve Bennett wrote:
On 9/3/06, Stephen Bain stephen.bain@gmail.com wrote:
IIRC, either Brion or Tim did some checking a while ago and found that many people did indeed have very short passwords. I can't find the message however, it may have had something to do with single sign-in stuff.
I do know that the ability to have an empty password was only switched off in January this year:
We should probably bear in mind we're talking about wikis here, not bank accounts or anything especailly confidential.
Steve
Hoi, Without the benefit of an old thread it is a very cryptic remark. However, from a basic point of view without sufficiently secure passwords the notion of confidentially is severely diminished. You only consider our present requirements and with Wikiversity they WILL change. Also with the upcoming single login we will have one password for everything. If anything suggesting that "easy to remember passwords" are a good thing is something I do not share with you. I would not accept the liability that follows from bad practice when this bad practice is promoted by us as an organisation.
When people select their own passwords then it is their business to select something suitable. Given that people often do not have secure passwords, I would suggest using stronger authentication when our needs change. Thanks, GerardM