On Tue, Feb 24, 2015 at 9:10 AM, Hubert Kario <hkario(a)redhat.com> wrote:
> thing is, that even if it just comes up once that means that the attackers
> either use full publicly available word lists or not entirely trivial password
> modification rules ("trustno1" is on 1001st position in RockYou list)
>
> either means that a simple dictionary check won't protect against such
> opportunistic attackers
>
> note to self: get password list from honeypots

In the UI for setting a password, how does the guideline read for such
enforcement?
"Your password must contain at least 8 characters and must contain at
least one letter and one numeric or punctuation character" is
obviously not going to work.
--
Chris Murphy
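
The composition guideline quoted above, compared with a word-list check, as an added example that is not part of the original messages. The word list is a small constructed stand-in for a public list such as RockYou, and the function names and mangling rules (case, trailing digits or punctuation, common character substitutions) are assumptions chosen for illustration.

```python
import string

# Constructed stand-in for a large public word list; a real deployment
# would load the full list from disk instead of five entries.
SAMPLE_WORDLIST = {"password", "trustno1", "letmein", "dragon", "qwerty"}

# Reverse common character substitutions (assumed rule set, not exhaustive).
LEET = str.maketrans("0134578@$!", "oleastbasi")


def meets_composition_rule(pw: str) -> bool:
    """The guideline from the message: >= 8 characters, at least one
    letter and at least one numeric or punctuation character."""
    has_letter = any(c.isalpha() for c in pw)
    has_other = any(c.isdigit() or c in string.punctuation for c in pw)
    return len(pw) >= 8 and has_letter and has_other


def in_wordlist_exact(pw: str) -> bool:
    """The 'simple dictionary check': exact match only."""
    return pw in SAMPLE_WORDLIST


def normalized_forms(pw: str) -> set:
    """Undo simple modification rules so variants map back to a base word."""
    base = pw.lower()
    forms = {
        base,
        base.rstrip(string.punctuation),
        base.rstrip(string.digits + string.punctuation),
    }
    forms |= {f.translate(LEET) for f in forms}
    return forms


def in_wordlist_normalized(pw: str) -> bool:
    """Reject a password if any normalized form is on the word list."""
    return any(f in SAMPLE_WORDLIST for f in normalized_forms(pw))


if __name__ == "__main__":
    # Constructed sample passwords.
    for pw in ["trustno1", "Trustno1!", "P@ssw0rd1", "vT9#qLm2xw"]:
        print(f"{pw:12} rule={meets_composition_rule(pw)} "
              f"exact={in_wordlist_exact(pw)} "
              f"normalized={in_wordlist_normalized(pw)}")
```
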