On Sun, 2024-01-21 at 02:56 -0800, ToddAndMargo via users wrote:
> This all goes back to using easy passwords.  And the
> same passwords on different sites:
> 
> https://www.nist.gov/itl/smallbusinesscyber/guidance-topic/multi-factor-authentication
> 
>       "In fact, databases of known breached account information
>       reveal the actual passwords in use around the world, and
>       we can see that people typically fail to choose sufficiently
>       long, complex, and unique passcodes. A study of the most
>       common passwords used globally has “123456”, “qwerty”
>       (six consecutive keys on a keyboard) and “password” among
>       the top 5."

Password construction rules were always a crock of crap.  Must have one
capital, symbol, number, etc. just gave a series of clues to crackers.
While making it harder for you to come up with a code you can remember
and type (and just watch dyslexic people try to get these things right,
illiterate people who can't spell, or anybody on a mobile phone touch
screen).  Then have to go through it again and again on forced periodic
changes.

I favour passphrases of several words.  And I think rule enforcement
ought to be along the lines of auto-reject "qwerty"-like passwords and
other forbidden words.


You have no clue if my password is 898d4 or sixgorillaswillnotletmego,
not at any stage of the game.  You don't get any "you've guessed half
of it right," like in the movies.  You just get pass or fail, and
multiple fails ought to trigger defensive methods.  Any service that
lets someone hammer away at it is manifestly incompetent.

 
-- 
 
NB:  All unexpected mail to my mailbox is automatically deleted.
I will only get to see the messages that are posted to the list.
 
The following system info data is generated fresh for each post:
 
uname -rsvp
Linux 6.2.15-100.fc36.x86_64 #1 SMP PREEMPT_DYNAMIC Thu May 11 16:51:53
UTC 2023 x86_64
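
The two checks argued for in the message above (reject "qwerty"-like and forbidden passwords while accepting long passphrases, and react to repeated failures), sketched as an added example that is not part of the original post. The denylist is a constructed sample, and the names `check_password` and `LoginThrottle` and the thresholds are assumptions.

```python
import time

# Constructed sample denylist; a real deployment would load a breached-password list.
DENYLIST = {"123456", "qwerty", "password", "letmein", "111111"}
KEY_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
MIN_LENGTH = 12    # assumption: favour long passphrases, no composition rules
MAX_FAILS = 5      # assumption: failures tolerated before lockout starts
BASE_DELAY = 30.0  # assumption: first lockout in seconds, doubling afterwards

def _adjacent(a, b):
    """Same key, or neighbours on one keyboard row."""
    return a == b or any(a in row and b in row and
                         abs(row.index(a) - row.index(b)) == 1 for row in KEY_ROWS)

def is_keyboard_walk(pw, min_run=3):
    """True when the whole password is built from row walks or repeats."""
    pw, run = pw.lower(), 1
    for a, b in zip(pw, pw[1:]):
        if _adjacent(a, b):
            run += 1
        elif run < min_run:
            return False
        else:
            run = 1
    return bool(pw) and run >= min_run

def check_password(pw):
    """Return (accepted, reason). Pass or fail only, no per-character hints."""
    if pw.lower() in DENYLIST:
        return False, "denylisted"
    if is_keyboard_walk(pw):
        return False, "keyboard walk"
    if len(pw) < MIN_LENGTH:
        return False, "too short"
    return True, "ok"

class LoginThrottle:
    """Per-account lockout with exponential back-off after repeated failures."""
    def __init__(self, clock=time.monotonic):
        self.clock, self.state = clock, {}  # account -> (fail count, locked until)
    def allowed(self, account):
        return self.clock() >= self.state.get(account, (0, 0.0))[1]
    def record(self, account, success):
        if success:
            self.state.pop(account, None)
            return
        count = self.state.get(account, (0, 0.0))[0] + 1
        until = self.clock() + BASE_DELAY * 2 ** (count - MAX_FAILS) if count >= MAX_FAILS else 0.0
        self.state[account] = (count, until)
```

`Qwerty123` meets a typical capital-plus-number rule yet is rejected here as a keyboard walk, while the all-lowercase passphrase from the message is accepted.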