https://bugzilla.wikimedia.org/show_bug.cgi?id=16435
Thomas Bertels <tbertels+bugzi...@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |tbertels+bugzi...@gmail.com

--- Comment #3 from Thomas Bertels <tbertels+bugzi...@gmail.com>  2009-02-19 17:17:18 UTC ---
(In reply to comment #2)
> Yes, but this should verify password /strength/
>
> For example, on the toolserver, you cannot set a password with dictionary
> words (longer than X chars, I think), and you must include 3 of 4 character
> classes or something (lower case, uppercase, numbers, special chars...?).
> And so on (presumably the programmers know better than I do what makes a
> strong password).
>

Since there's a captcha after 3 attempts and a temporary lockout after 3 (or
so) more attempts, I'm not sure if it's a good idea to enforce that much brute
force or dictionary resistant passwords.
Too strong passwords would be difficult for the users to remember.
What about just letting the user know about his/her password strength?

However, since the compromised accounts' passwords were either the same as the
login or just "password", those are basic rules to improve password strength
(they are probably already active).
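
Added example, not part of the original comment and not MediaWiki's code: a sketch of the split discussed in this thread, where only the two basic rules (password equal to the login, or the literal "password") are enforced and the "3 of 4 character classes" idea is reported to the user as advice. The function names, the 8-character threshold and the strength labels are assumptions made for illustration.

```python
import re

# Hard rule from the thread: the literal "password" is always refused.
TRIVIAL_PASSWORDS = {"password"}

# The four character classes mentioned in the quoted comment.
CHARACTER_CLASSES = {
    "lowercase": re.compile(r"[a-z]"),
    "uppercase": re.compile(r"[A-Z]"),
    "digit": re.compile(r"[0-9]"),
    "special": re.compile(r"[^A-Za-z0-9]"),
}


def hard_rejection(username, password):
    """Return a reason if the password must be refused, else None."""
    folded = password.casefold()
    if folded == username.casefold():
        return "password is the same as the login"
    if folded in TRIVIAL_PASSWORDS:
        return 'password is "password"'
    return None


def advisory_strength(password, min_length=8):
    """Return (label, hints). Advisory only: nothing here blocks the change.
    min_length=8 is an assumed threshold, not a value from the thread."""
    hints = []
    if len(password) < min_length:
        hints.append("shorter than %d characters" % min_length)
    used = [n for n, rx in CHARACTER_CLASSES.items() if rx.search(password)]
    if len(used) < 3:
        hints.append("uses %d of 4 character classes" % len(used))
    label = {0: "strong", 1: "fair"}.get(len(hints), "weak")
    return label, hints


def check_new_password(username, password):
    """Enforce the basic rules, then attach strength feedback for the user."""
    reason = hard_rejection(username, password)
    if reason is not None:
        return {"accepted": False, "strength": "rejected", "notes": [reason]}
    label, hints = advisory_strength(password)
    return {"accepted": True, "strength": label, "notes": hints}
```
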