Summary of password strength discussion

Chris Murphy lists at colorremedies.com
Fri Jul 24 18:42:51 UTC 2015 

On Fri, Jul 24, 2015 at 11:30 AM, Matthew Miller
<mattdm at fedoraproject.org> wrote:
> On Fri, Jul 24, 2015 at 10:48:14AM -0600, Chris Murphy wrote:
>> > Still a little esoteric, but provisioning is easier, and people are
>> > getting more used to it in general, hopefully. And as a bonus, this
>> > jumps us up to level 3 identity assurance, I believe.
>> OK, but still not by default. Not everyone has a smart phone. And mine
>> runs into this FreeOTP bug:
>> https://fedorahosted.org/freeotp/ticket/52
>> This stuff has to be opt in, not opt out.
>
> Well, turning on ssh access into the system is puts us into advanced
> territory already, doesn't it? And doing _that_ is opt-in.

If it's advanced, then why is there this mysterious problem that
Fedora users are a.) using crap passwords and b.) brow beating them
won't work because they're notoriously stubborn and don't take advice?
I just don't understand the rationalization, it's almost like doing
this for the sake of doing it. All other problems have been solved now
we need to make bacon with a Rube Goldberg contraption!

Who else has done this? Obviously Apple, with deific amounts of
resources, doesn't give two shits and a fuck about an *admin* user
setting their password to cat with ssh being enabled. If they don't
care, why do we? And where does the authority come from to usurp
control over the user's freedom to fuck up, be stubborn, and have
asinine passwords? I just... what?

This is not low hanging fruit. It's low hanging tree limbs and eating
leaves. It's like watching Charlie the Unicorn Goes to Candy Mountain.
I'm just left with a "HUH?"

OK so you're suggesting this only get provisioned with MFA if the user
enables SSH in the GNOME GUI? If it's enabled via systemctl then it's
just password only, and no MFA? Because if MFA is required then there
needs to be a text fall back provisioning. Every release cycle I'm
logging in remotely to grab logs because one or another system has a
video regression. And this release cycle I'm expecting more because
Wayland.

-- 
Chris Murphy

More information about the desktop mailing list