User: Password:
Subscribe / Log in / New account

Enforcing password strength

Enforcing password strength

Posted Oct 13, 2011 5:49 UTC (Thu) by pabs (subscriber, #43278)
Parent article: Enforcing password strength

One of my family members recently gave up on creating a Skype account because their password requirements were too much.

I wonder if Fedora could use GPG keys and client-side SSL certs generated by Monkeysphere for web authentication instead of passwords?

(Log in to post comments)

Enforcing password strength

Posted Oct 13, 2011 16:02 UTC (Thu) by NAR (subscriber, #1313) [Link]

Actually I have no idea what my Skype password is. The client stores it somewhere and when it forgets (once or twice a year) I generate a new one.

I use English keyboard layout, but the family members use Hungarian, so some punctuation marks, numbers and even letters are in the wrong place. Because passwords are generally not echoed, I might not notice if I type something wrongly, so it's wise to avoid z, y, 0, etc. which makes the usable character set even smaller. Then there's at least one public webmail service that accepts only the first 8 characters of the password (maybe they've changed it in the last few years)...

On the other hand what are the odds to make a typo in a 20 characters long passphrase? Because it's not echoed, it's not easy to notice, especially for beginners who're still looking for the right keys all the time. So the situation is a mess.

Enforcing password strength

Posted Oct 14, 2011 7:22 UTC (Fri) by Cato (subscriber, #7643) [Link]

You could try LastPass, which is a cloud-based password manager with plugins for most browsers, and Yubikey, which is a hardware token emulating a keyboard. Set up LastPass to require use of Yubikey (and disable offline use), then set an easily typed password, on all keyboard variants, for LastPass - this will then send the password to all websites.

LastPass doesn't yet cover local applications on Linux, but you can copy/paste the password into Skype etc.

Enforcing password strength

Posted Oct 20, 2011 11:16 UTC (Thu) by pabs (subscriber, #43278) [Link]

My point was that strong passwords are too hard for normal folks and if bad passwords are not allowed such people will walk away from your service.

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds