Am 14.10.2014 09:26, schrieb Stephan Aßmus:
As I understand from the article I linked, truly random long passwords are secure. Maybe it is an option to generate a password in HaikuDepot when creating an account? This option would only be available when someone provides an email address. The user never needs to remember the password, it is stored on the system in the key chain. It could be displayed on request, maybe exported and imported so it can be transfered to another system. When the user looses it, the password reset mechanism has to be used.
Alternatively, we could use a system to compute the passwords from the master password of the keychain by default, so when the user sets up Haiku on a different system with the same e-mail address, it would automatically use the same password (as an overridable default).
Besides that, I don't think we need to annoy the user too much. There are even banks that don't allow more than 5 character passwords! (not saying we should go down that route, however :-))