I think requiring a minium sized password that is pretty long, like maybe 15-20 or larger. The chance of somebody cracking those sized passwords would be smaller. Also I know there was a previous issue about the Yubikey as part of security. In my opinion requiring a 15-20 long password added with a Yubikey would be something that would maybe lessen the chance. I currently use Lasspass to create passwords, and my master password is a long password and the password I get it to generate is also quite long.<br>
<br><div class="gmail_quote">On Thu, Oct 13, 2011 at 1:29 PM, Bernd Stramm <span dir="ltr"><<a href="mailto:bernd.stramm@gmail.com">bernd.stramm@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
On Thu, 13 Oct 2011 10:39:03 -0700<br>
Toshio Kuratomi <<a href="mailto:a.badger@gmail.com">a.badger@gmail.com</a>> wrote:<br>
<br>
>...<br>
> So what are our admins to do? 1) We could ignore the issue. We have<br>
> a lot of contributors. Maybe we should just expect that some of<br>
> their accounts are going to be compromised.<br>
<br>
Not maybe. Certainly some of the accounts will be compromised.<br>
<br>
> 2) We could require<br>
> everyone to change keys.<br>
<br>
And some time after that, some accounts will be compromised again. Some<br>
of the same accounts as before, and some other accounts. Not maybe.<br>
Certainly, 100%.<br>
<font color="#888888"><br>
<br>
--<br>
Bernd Stramm<br>
<a href="mailto:bernd.stramm@gmail.com">bernd.stramm@gmail.com</a><br>
</font><br>--<br>
devel mailing list<br>
<a href="mailto:devel@lists.fedoraproject.org">devel@lists.fedoraproject.org</a><br>
<a href="https://admin.fedoraproject.org/mailman/listinfo/devel" target="_blank">https://admin.fedoraproject.org/mailman/listinfo/devel</a><br></blockquote></div><br>