[WikiEN-l] Admin account cracker about to be run internally

Gwern Branwen gwern0 at gmail.com
Tue May 8 18:19:06 UTC 2007


On  0, Charlotte Webb <charlottethewebb at gmail.com> scribbled:
> On 5/8/07, doc <doc.wikipedia at ntlworld.com> wrote:
> > Seems like overkill. If crats simply ask successful candidates to
> > confirm that they have a compliant password *before* sysopping them,
> > then the problem is solved.
>
> If they just nod "yes" because they can't be bothered to change their
> passwords to something other than "fuckyou" or "Password1" or
> whatever, we will eventually be right back where we started.
>
> I don't see how we could put much faith into a security measure that
> is no more sophisticated than "taking their word for it".

As Reagan liked to say, 'Trust but verify.' What's wrong with taking their word for it and then periodically running the cracker whenever the servers are not busy?

--
Gwern
Inquiring minds want to know.



