Believe me, we have long and passionate discussions about password length and 
complexity.

The question in my post is purely technical.


> On Apr 30, 2019, at 13:51, Michał Górny <mgo...@gentoo.org> wrote:
> 
>> On Tue, 2019-04-30 at 13:40 -0400, David Milet wrote:
>> Yes, we’re considering using smart cards or usb devices like Yubikey.
>> Do those enforce password complexity?
>> 
>> To answer suggestions in other replies, our developers are savvy enough, and 
>> we do have recurring training in place to stress the importance of good 
>> passwords. But we know also that some developers will choose the weakest 
>> password the system allows, making them the weakest link.
>> 
> 
> I dare say trying to enforce strong passwords via policy is usually
> a bad idea.  If you can't convince a user to use and remember a good
> password, trying to force it via policy usually results either in:
> 
> a. passwords being noted down on paper, phone, etc., or
> 
> b. passwords becoming more predictable.
> 
> I can't know whether your users would actually do that but it's not
> an uncommon problem that e.g. if you require a password containing one digit
> and one special character, you replace trivial passwords with trivial
> passwords followed by '1!'.
> 
> -- 
> Best regards,
> Michał Górny
> 
> 

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
