[haiku-depot-web] Re: Password Policy

  • From: Joe Prostko <joe.prostko@xxxxxxxxx>
  • To: haiku-depot-web@xxxxxxxxxxxxx
  • Date: Mon, 13 Oct 2014 11:54:45 -0400

On Mon, Oct 13, 2014 at 11:27 AM, Jessica Hamilton <
jessica.l.hamilton@xxxxxxxxx> wrote:
>
> Hi,
>
> I noticed that we use an archaic password policy in HaikuDepot[1].
>
> Can we please change this to use actually strong[2] passwords instead?
>
> We should at the very least drop the requirement of caps & symbols
> (obviously users can still use these if they desire, not that they add
> significant entropy).
>
> And at a minimum, increase password length to say 19 characters? This

19 characters?  That seems a bit much to me, personally.  I think it starts
to go into the realm of ridiculousness once you are hitting 14 characters
or so, although 12-16 characters looks like the sweet spot to me at this
point in time.  I agree that caps and symbols don't buy you much as
password length is much more important to providing password strength.  How
does everybody else feel about this?  I think something like a minimum
length of 10 characters with one letter (upper or lower case) and one
number being required.  That would likely work out better than the current
solution of 8 character minimum with 2 upper case and two numbers being
required.  Also, I didn't test this yet, but preventing login attempts from
happening in rapid fire fashion will go a long way as well.

I found this site to be helpful for me when I was choosing my own personal
password policy that was a good balance between strength and convenience
(when I have to enter passwords on a mobile device, for instance).

https://www.grc.com/haystack.htm

- joe
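
An added example, not part of the original post or of HaikuDepot's code: the two policies discussed above as checks, with a brute-force search-space count for comparison. The class sizes (26/26/10/33 printable ASCII), the counting formula, and the sample passwords are assumptions constructed for illustration.

```python
import string

# Assumption: an attacker brute-forces over the union of the character
# classes a password actually uses (printable ASCII only).
CLASSES = {
    "lower": (set(string.ascii_lowercase), 26),
    "upper": (set(string.ascii_uppercase), 26),
    "digit": (set(string.digits), 10),
    "symbol": (set(string.punctuation + " "), 33),
}
LETTERS = CLASSES["lower"][0] | CLASSES["upper"][0]

def count_in(pw, cls):
    """How many characters of pw fall in the named class."""
    return sum(c in CLASSES[cls][0] for c in pw)

def current_policy(pw):
    """Policy described in the thread: >= 8 chars, 2 upper case, 2 numbers."""
    return len(pw) >= 8 and count_in(pw, "upper") >= 2 and count_in(pw, "digit") >= 2

def proposed_policy(pw):
    """Suggested in the thread: >= 10 chars, one letter (any case), one number."""
    return (len(pw) >= 10 and any(c in LETTERS for c in pw)
            and count_in(pw, "digit") >= 1)

def alphabet_size(pw):
    """Sum of the sizes of every character class that appears in pw."""
    return sum(size for cls, (_, size) in CLASSES.items() if count_in(pw, cls))

def search_space(pw):
    """Candidates of length 1..len(pw) over pw's alphabet (exhaustive search)."""
    n = alphabet_size(pw)
    return sum(n ** k for k in range(1, len(pw) + 1))

if __name__ == "__main__":
    # Constructed samples: the weakest shape each policy accepts, plus two
    # more typical passwords that each satisfy only one of the policies.
    for pw in ("AB12AB12", "ab12ab12ab", "Ab12cdEF", "kettle4bar"):
        print(f"{pw:12} current={current_policy(pw)!s:5} "
              f"proposed={proposed_policy(pw)!s:5} "
              f"alphabet={alphabet_size(pw):2} space={search_space(pw):.2e}")
```

The count only models exhaustive search; it says nothing about dictionary or reused passwords.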
