Actually I have no idea what my Skype password is. The client stores it somewhere and when it forgets (once or twice a year) I generate a new one.
I use English keyboard layout, but the family members use Hungarian, so some punctuation marks, numbers and even letters are in the wrong place. Because passwords are generally not echoed, I might not notice if I type something wrongly, so it's wise to avoid z, y, 0, etc. which makes the usable character set even smaller. Then there's at least one public webmail service that accepts only the first 8 characters of the password (maybe they've changed it in the last few years)...
On the other hand, what are the odds of making a typo in a 20-character-long passphrase? Because it's not echoed, it's not easy to notice, especially for beginners who're still looking for the right keys all the time. So the situation is a mess.
Posted Oct 14, 2011 7:22 UTC (Fri) by Cato (subscriber, #7643)
You could try LastPass, which is a cloud-based password manager with plugins for most browsers, and Yubikey, which is a hardware token emulating a keyboard. Set up LastPass to require use of Yubikey (and disable offline use), then set an easily typed password, on all keyboard variants, for LastPass - this will then send the password to all websites.
LastPass doesn't yet cover local applications on Linux, but you can copy/paste the password into Skype etc.
Enforcing password strength
Posted Oct 20, 2011 11:16 UTC (Thu) by pabs (subscriber, #43278)
My point was that strong passwords are too hard for normal folks, and if bad passwords are not allowed, such people will walk away from your service.