[Bug 1044868] Re: Ubuntu should encourage stronger passwords using stronger algorithms, note i18n issues

Fri Sep 7 05:42:01 UTC 2012

xnox, I have no intent to improve the password strength verification on the installer itself. That was a suggestion on the first post. My intentions in this thread is to make the same relative rules apply to the installer verification algorithm. As absolute ones, such as treating ñ as a special character are inappropriate in spanish or treating ç makes no sense in portuguese or french, since they are part of the local alphabet.
It was mentioned and link-referred that length makes stronger passwords but not if it's a known phrase or, lets say, country name. Including thousands of words per language/locale/keymap it's very hard, acknowledged. But making "ñ" look the same to an "n" or an "ç" the same to the "c" when spanish, french or portuguese are the declared locale/language on the installation process does not seem like an awkward request to fix the misbehavior of the password strength verification.
Another idea is: lets get rid of the whole verification process on locales/languages other than english, since it does not reflect any good practice at all, specially, compared to the relative situation in english settings.
To explain in more detail my previous paragraph: If I choose england as my country, english as my language, english as my keymap, the unitedkingdom password is marked as weak. It certainly should. But if my locales are spanish, my country espaÑa and my keymap the ES one, españa is a fair password to the installer. That is not the same behavior when taken relative to the declared variables (keymap,country,language) witch, at least to me, looks like a bug.
You mention that you do not want it to be impossible to achieve "fair/..." passwords, that is a merely indication of the right track to a strong password. Well, the country name should not be on that path. I really think someone else thinks like me, otherwise, why is unitedstatesofamerica (21 character long) a weak password?

The bug call remains. I believe everything to fix this mis behavior is
already in place.

PS: Thank you to the pointers to improve the verification, I'll see what can I suggest in through those channels.
PS2: for the previous, present and following posts, I apologize for any language related confusion. English is not my first language and I sincerely understand that's a barrier to comprehend each other.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to ubiquity in Ubuntu.
https://bugs.launchpad.net/bugs/1044868

Title:
  Ubuntu should encourage stronger passwords using stronger algorithms,
  note i18n issues

Status in “gnome-control-center” package in Ubuntu:
  Triaged
Status in “ubiquity” package in Ubuntu:
  Won't Fix

Bug description:
  When you set the password during the installation or also when you
  change it via the gnome-control-center you can insert a weak password
  (like "123456" or "qwerty" or "abcdef" or "password" itself) without
  any alerts, or so on.

  The suggestion is a password strength verification that includes the most used passwords (like "1234" or "qwerty") and a dictionary that includes the word password in every language.
  A special attention to language like Spanish where "password" is "contraseña", and where is the character "ñ" which can be recognize as a special symbol.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnome-control-center/+bug/1044868/+subscriptions