The password is really bad, it can be found in every dictionary, and just adds one non-alphanumeric character.
A few years back i got into really hot water with some users. Instead of a fixed "3 numbers, 4 characters, one special character" type of passpord, the systems i developed started using a complexity score thing. Somewhat secure "random" passwords could get away with about 10 characters. Using things like part of the username, your real name and stuff like that would come with a steep penalty, requiring a much longer password.
Needless to say, some users were pissed about the fact that i "required a 40 character password" and that they "can't use their favourite password and refuse to remember a new one". Shame it's not in my power to fire people or force them to sit through a three week class on basic computer security.
|Replies are listed 'Best First'.|
Re^7: Replacing crypt() for password login via a digest - looking for stronger alternative
by afoken (Canon) on Jun 17, 2021 at 16:38 UTC