Summary of password strength discussion
Lars Seipel
lars.seipel at gmail.com
Mon Jul 27 18:43:21 UTC 2015
On Mon, Jul 27, 2015 at 11:19:41AM -0600, Chris Murphy wrote:
> Why is password quality being targeted rather than the number of ssh
> attempts being set to e.g. 3 per minute, by default? And does this
> sufficiently mitigate the concern, and if not, why not?
Restricting login attempts means that now even the most naïve kind of
attack can lock me out of my machine. You know, the really stupid
attacks that rain down on almost any internet host in gigantic numbers
but are effectively countered by using anything but the most trivial of
passwords.
More information about the desktop
mailing list