[lubuntu-devel] heavy handed password requirements?
Mark F
azdays15 at gmail.com
Thu Aug 23 21:50:09 UTC 2018
Walter,
IMO, for casual home users, it seems a bit overbearing to require cryptic
passwords. I have a friend who only uses her Lubuntu to play some games,
surf the web, read email. I know there's a risk of her laptop being stolen
and someone getting into any web accounts with "remembered" passwords. But,
I think the risk is that she'll forget a convoluted laptop password.
I like how it is now. It gives us an idea of how strong the password is
using an indicator. But, we can choose an insecure password if we wish.
Mark
On Thu, Aug 23, 2018 at 9:57 AM Walter Lapchynski <wxl at ubuntu.com> wrote:
> As 18.10 development continues, we find ourselves with opportunities to
> add in new features which weren't quite so easily implemented before.
> One of these things is the discovery that Calamares (our installer)
> supports a library called libpwquality that can enforce all kinds of
> great password requirements. Being security-minded folks, we're inclined
> to add such things to the installer and as of recent uploads, you'll
> find them included. We were actually planning on hardening these even
> more to require a minimum length, miminum number of character classes,
> no dictionary words, limited repeat characters or sequences. Check out
> the [manpage for pwquality.conf][0] for more on the many options
> available.
>
> However, we have at least [one complaint][1] already about this and it
> has us concerned whether or not we're being a little too heavy handed in
> these requirements. As you can see in our response, there is a
> workaround which one can easily accomplish by editing a config file and
> commenting out all the password section. Still, that wasn't sufficient
> to satisfy this particular individual, apparently.
>
> I still believe secure defaults make sense, especially as this tends to
> be the rule rather than the exception in the modern world. Everywhere
> you go, password requirements are there. However, I do not believe we
> (core development team) should be making these decisions alone. That
> said, what do you, the community think?
>
> [0]:
>
> https://github.com/libpwquality/libpwquality/blob/master/doc/man/pwquality.conf.5.pod
> [1]: https://linuxrocks.online/@hil/100600128336751092
>
> --
> @wxl | polka.bike
> C563 CAC5 8BE1 2F22 A49D
> 68F6 8B57 A48B C4F2 051A
>
> --
> Lubuntu-devel mailing list
> Lubuntu-devel at lists.ubuntu.com
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/lubuntu-devel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/lubuntu-devel/attachments/20180823/e2b45a49/attachment-0001.html>
More information about the Lubuntu-devel
mailing list