[haiku-depot-web] Re: Password Policy

  • From: Axel Dörfler <axeld@xxxxxxxxxxxxxxxx>
  • To: haiku-depot-web@xxxxxxxxxxxxx
  • Date: Tue, 14 Oct 2014 10:58:28 +0200

Am 14.10.2014 09:26, schrieb Stephan Aßmus:
As I understand from the article I linked, truly random long passwords
are secure. Maybe it is an option to generate a password in HaikuDepot
when creating an account? This option would only be available when
someone provides an email address. The user never needs to remember the
password, it is stored on the system in the key chain.  It could be
displayed on request, maybe exported and imported so it can be
transfered to another system. When the user  looses it, the password
reset mechanism has to be used.

Alternatively, we could use a system to compute the passwords from the master password of the keychain by default, so when the user sets up Haiku on a different system with the same e-mail address, it would automatically use the same password (as an overridable default).

Besides that, I don't think we need to annoy the user too much. There are even banks that don't allow more than 5 character passwords! (not saying we should go down that route, however :-))


Other related posts: