https://bugzilla.wikimedia.org/show_bug.cgi?id=16435


Thomas Bertels <tbertels+bugzi...@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |tbertels+bugzi...@gmail.com




--- Comment #3 from Thomas Bertels <tbertels+bugzi...@gmail.com>  2009-02-19 17:17:18 UTC ---
(In reply to comment #2)
> Yes, but this should verify password /strength/
> 
> For example, on the toolserver, you cannot set a password with dictionary words
> (longer than X chars, I think), and you must include 3 of 4 character classes
> or something (lower case, uppercase, numbers, special chars...?). And so on
> (presumably the programmers know better than I do what makes a strong
> password).
> 

Since there's a captcha after 3 attempts and a temporary lockout after 3 (or
so) more attempts, I'm not sure if it's a good idea to enforce such
brute-force- or dictionary-resistant passwords.
Passwords that are too strong would be difficult for the users to remember.
What about just letting the user know about his/her password strength?

However, since the compromised accounts' passwords were either the same as the
login or just "password", those are basic rules to improve password strength
(they are probably already active).

