[WikiEN-l] Feasible security idea for login? (was: Admin account cracker about to be run internally)

Joe Szilagyi szilagyi at gmail.com
Tue May 8 15:21:03 UTC 2007


Would it be overkill from the perspective of the number of users/scope of
users to implement something that checked the strength of passwords as
entered? Some websites feature tools that report on the perceived strength
of your password as entered, typically from weak to decent to moderate to
good to strong, or similar wording.

Perhaps something like that, with the Wikimedia software having an option to
simply refuse acceptance of anything less than 'moderate' value? You can
have it check at each login, and in the event that it fails the 'moderate'
test, force a password change. Since you in turn can't now enter a crap
password, it will push everyone to add a decent password. Annoying, once,
but after that... all users are covered, and this should no longer require
constant monitoring afterwards (ideally).

-- 
Regards,
Joe
http://www.joeszilagyi.com

