On Tue, 11 Oct 2016 08:35:35 +0000
Zbigniew Jędrzejewski-Szmek <zbyszek(a)in.waw.pl> wrote:
On Tue, Oct 11, 2016 at 09:15:12AM +0200, Björn Persson wrote:
> Zbigniew Jędrzejewski-Szmek <zbyszek(a)in.waw.pl> wrote:
> > Yes. The hint that "this passphrase is weak" is very useful. But
> > enforcing any policy is just too inflexible. I just tried to
> > explain (unsuccessfully) to a kid (2nd grade, so any "strong"
> > password would simply be immediately forgotten) why she cannot
> > change the password in the gnome dialogue, and it was a total
> > waste of time.
>
> Is a second-grader actually unable to remember "correct horse
> battery staple"? I strongly doubt that. Spell it, maybe not, but
> surely she could remember a four-word string?
A pass*phrase* like that is certainly much more feasible than a
pass*word*. But I still think it'd be an effort, for example I'd
estimate a 50-50 chance of a passphrase being forgotten over a two
week break.
And as for the spelling, notice the double-r and double-t, those would
be a source of trouble ;) Without any feedback and only three tries,
this would be rather frustrating.
How about a phrase she will remember, and will take pleasure in
typing? ;-)
"you are a good girl" or variation. Does she have a favorite passage
in a book she reads?