Do not allow easy passwords

Lem0nHead

I think DA could have a basic dictionary and not allow users to set passwords that are in this dictionary, passwords similar to the username, or passwords with fewer than 4 different characters.
 
I've taken the liberty of editing your post subject to "Do not allow easy passwords"; I hope I made the right decision.

Linux and Unix both already contain fairly good dictionaries which can be used for just this purpose. In fact if you add a user from the command line and use an easily-hackable password, your server will return a warning, though it will still let you use the password.

The only problem I see is a customer expectation issue; many clients will want to be able to use passwords they're comfortable with instead of passwords you're comfortable with.

Great idea, though.

:)

Jeff
 
jlasman said:
I've taken the liberty of editing your post subject to "Do not allow easy passwords"; I hope I made the right decision.

Linux and Unix both already contain fairly good dictionaries which can be used for just this purpose. In fact if you add a user from the command line and use an easily-hackable password, your server will return a warning, though it will still let you use the password.

The only problem I see is a customer expectation issue; many clients will want to be able to use passwords they're comfortable with instead of passwords you're comfortable with.

Great idea, though.

:)

Jeff

Oops, sorry for the mistake ;)

Yep, but when the user changes his password in the control panel, there's no check.
 
I just make it clear that if a client's acct gets hacked and causes server issues due to weak passwords, they are gone and/or fined for it.

If they just get hacked and have to have us restore their site..well...$$$ in my pocket then..no freebies due to ignorance.
 
A little JavaScript to check the length and variety of characters used to display password strength (weak or strong).
I've noticed this display feature on several web sites recently.

A nice way for the user to be encouraged to use a stronger password.
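
The three rejections proposed in the first post (dictionary word, similar to the username, fewer than 4 different characters) together with the length-and-variety strength label suggested in the post above, as an added example that is not part of the thread and not DirectAdmin code. The sample word list, the substitution table and the "strong" thresholds are assumptions chosen for illustration.

```javascript
// Added example: the word list is a tiny constructed sample; a real
// deployment would load a full dictionary file on the server.
const SAMPLE_DICTIONARY = new Set(["password", "letmein", "qwerty", "dragon", "welcome"]);
const SUBSTITUTIONS = { "0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s", "!": "i" };

// Heuristic: drop leading/trailing digits and filler punctuation, undo common
// character substitutions, then keep only a-z ("P@ssw0rd1" -> "password").
function normalise(s) {
  return s.toLowerCase()
    .replace(/^[\d!._-]+|[\d!._-]+$/g, "")
    .replace(/[013457@$!]/g, (c) => SUBSTITUTIONS[c])
    .replace(/[^a-z]/g, "");
}

// True when the password contains the username (forwards or reversed) or is
// itself a fragment of the username.
function similarToUsername(password, username) {
  const p = normalise(password), u = normalise(username);
  if (u.length < 3) return false; // too short to compare meaningfully
  const reversed = [...u].reverse().join("");
  return p.includes(u) || p.includes(reversed) || (p.length >= 3 && u.includes(p));
}

// "weak"/"strong" from length and character variety; thresholds are assumptions.
function strength(password) {
  const classes = [/[a-z]/, /[A-Z]/, /\d/, /[^A-Za-z0-9]/]
    .filter((re) => re.test(password)).length;
  return password.length >= 10 && classes >= 3 ? "strong" : "weak";
}

// Returns the decision plus every rule that failed, so a panel can show why.
function checkPassword(password, username, dictionary = SAMPLE_DICTIONARY) {
  const reasons = [];
  if (dictionary.has(normalise(password))) reasons.push("dictionary");
  if (similarToUsername(password, username)) reasons.push("username");
  if (new Set(password).size < 4) reasons.push("distinct");
  return { accepted: reasons.length === 0, reasons, strength: strength(password) };
}
```

The same function can run in Node on the server at the point where the password is changed; a strength label shown in the browser does not by itself reject anything.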
 
After over 3 years 9 months I think they have probably figured it out by now.
 