[WikiEN-l] Feasible security idea for login? (was: Admin account cracker about to be run internally)

Ray Saintonge saintonge at telus.net
Tue May 8 17:44:18 UTC 2007


Joe Szilagyi wrote:

>Would it be overkill from the perspective of the number of users/scope of
>users to implement something that checked the strength of passwords as
>entered? Some websites feature tools that report on the perceived strength
>of your password as entered, typically from weak to decent to moderate to
>good to strong, or similar wording.
>
>Perhaps something like that, with the Wikimedia software having an option to
>simply refuse acceptance of anything less than 'moderate' value? You can
>have it check at each login, and in the event that it fails the 'moderate'
>test, force a password change. Since you in turn can't now enter a crap
>password, it will push everyone to add a decent password. Annoying, once,
>but after that... all users are covered, and this should no longer require
>constant monitoring afterwards (ideally).
>
Why not just wait until we have single login to do this?  Then one would 
not need to go through all the projects and mailing lists to make sure 
that all the passwords match.

Ec
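
The login-time check proposed in the quoted message, as an added example that is not part of the original thread and is not MediaWiki code. The scoring heuristic, its bit thresholds, the sample blocklist and the Accounts class are assumptions made for illustration; only the five level names and the 'moderate' cut-off come from the message.

```python
import hashlib, hmac, math, os

LEVELS = ["weak", "decent", "moderate", "good", "strong"]  # wording from the quoted message
COMMON = {"password", "123456", "qwerty", "letmein", "wikipedia"}  # constructed sample blocklist
MINIMUM = LEVELS.index("moderate")

def strength(password, username=""):
    """Return an index into LEVELS. Assumed heuristic: bits = length * log2(pool size)."""
    low = password.lower()
    if low in COMMON or (username and low == username.lower()):
        return 0
    pool = 0
    if any(c.islower() for c in password): pool += 26
    if any(c.isupper() for c in password): pool += 26
    if any(c.isdigit() for c in password): pool += 10
    if any(not c.isalnum() for c in password): pool += 32
    bits = len(password) * math.log2(pool) if pool else 0
    # Assumed thresholds (bits) for decent, moderate, good, strong.
    return sum(bits >= t for t in (28, 40, 60, 80))

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Accounts:
    """Hypothetical account store: name -> (salt, salted hash)."""
    def __init__(self):
        self.users = {}

    def set_password(self, name, password, enforce=True):
        # enforce=False models accounts created before the policy existed.
        if enforce and strength(password, name) < MINIMUM:
            return False
        salt = os.urandom(16)
        self.users[name] = (salt, _hash(password, salt))
        return True

    def login(self, name, password):
        """Return 'denied', 'must_change' or 'ok'."""
        record = self.users.get(name)
        if record is None or not hmac.compare_digest(record[1], _hash(password, record[0])):
            return "denied"
        # The plaintext is only available here; a stored hash cannot be scored,
        # which is why the check has to run at login rather than as a batch job.
        if strength(password, name) < MINIMUM:
            return "must_change"
        return "ok"
```
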



