[Bug 163072] New: Password strength meter too high for short passwords
dionisus torimens
djtm at gmx.net
Mon Jun 2 15:11:36 BST 2008
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
http://bugs.kde.org/show_bug.cgi?id=163072
Summary: Password strength meter too high for short passwords
Product: kdelibs
Version: unspecified
Platform: Ubuntu Packages
OS/Version: Linux
Status: UNCONFIRMED
Severity: wishlist
Priority: NOR
Component: kwallet
AssignedTo: unassigned-bugs kde org
ReportedBy: djtm gmx net
Version: (using KDE 4.0.4)
Installed from: Ubuntu Packages
OS: Linux
I can get an almost full strength bar with 5 characters and a full one with 6, even with the last two being equal numbers.
This gives a false sense of security.
Most experts agree that passwords should have at least 8 characters to be secure:
http://en.wikipedia.org/wiki/Password_strength#Guidelines_for_strong_passwords ("12 to 14")
http://www.redhat.com/docs/manuals/linux/RHL-8.0-Manual/security-guide/s1-wstation-pass.html ("at least 8")
http://www.itd.umich.edu/itcsdocs/r1162/#guide ("at least 9")
http://news.bbc.co.uk/2/hi/science/nature/2061780.stm ("at least 8")
http://www.securityfocus.com/infocus/1537 (6-9)
http://www.microsoft.com/protect/yourself/password/create.mspx (8 or more, recommend 14 or more)
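The behaviour requested in the report above, sketched as an added example (not KWallet or kdelibs code, and not the reporter's): a meter whose score cannot approach a full bar while the password is shorter than the 8 characters the report cites. The function names, the 80-bit full-bar target and the 40% ceiling are assumptions made for illustration.

```cpp
#include <algorithm>
#include <cctype>
#include <cmath>
#include <cstddef>
#include <iostream>
#include <string>

// Rough alphabet size implied by the character classes present.
static int poolSize(const std::string& pw) {
    bool lower = false, upper = false, digit = false, other = false;
    for (unsigned char c : pw) {
        if (std::islower(c)) lower = true;
        else if (std::isupper(c)) upper = true;
        else if (std::isdigit(c)) digit = true;
        else other = true;
    }
    return (lower ? 26 : 0) + (upper ? 26 : 0) + (digit ? 10 : 0) + (other ? 33 : 0);
}

// Length with immediately repeated characters ("11", "aa") counted once.
static std::size_t effectiveLength(const std::string& pw) {
    std::size_t n = 0;
    for (std::size_t i = 0; i < pw.size(); ++i)
        if (i == 0 || pw[i] != pw[i - 1]) ++n;
    return n;
}

// Returns 0..100. The bit count is an upper-bound style estimate
// (length * log2(pool)), so it flatters human-chosen passwords.
int strengthPercent(const std::string& pw) {
    if (pw.empty()) return 0;
    const double kFullBarBits = 80.0;   // assumption: bits shown as a full bar
    const std::size_t kMinLength = 8;   // minimum length cited in the report
    const int kShortCeiling = 40;       // assumption: cap for short passwords
    double bits = effectiveLength(pw) * std::log2(poolSize(pw));
    int pct = static_cast<int>(std::min(100.0, 100.0 * bits / kFullBarBits));
    if (pw.size() < kMinLength) pct = std::min(pct, kShortCeiling);
    return pct;
}

int main() {
    // Constructed sample passwords, not taken from the report.
    for (const char* pw : {"abc12", "aB3$11", "abc12xyz9", "correct horse battery staple"})
        std::cout << pw << " -> " << strengthPercent(pw) << "%\n";
    return 0;
}
```
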