On Tue, Oct 11, 2016 at 09:15:12AM +0200, Björn Persson wrote:
Zbigniew Jędrzejewski-Szmek <zbyszek(a)in.waw.pl> wrote:
> Yes. The hint that "this passphrase is weak" is very useful. But
> enforcing any policy is just too inflexible. I just tried to explain
> (unsuccessfully) to a kid (2nd grade, so any "strong" password would
> simply be immediately forgotten) why she cannot change the password in
> the gnome dialogue, and it was a total waste of time.
Is a second-grader actually unable to remember "correct horse battery
staple"? I strongly doubt that. Spell it, maybe not, but surely she
could remember a four-word string?
A pass*phrase* like that is certainly much more feasible than a
pass*word*. But I still think it'd be an effort, for example I'd
estimate a 50-50 chance of a passphrase being forgotten over a two
week break.
And as for the spelling, notice the double-r and double-t, those would
be a source of trouble ;) Without any feedback and only three tries,
this would be rather frustrating.
Zbyszek