Summary of password strength discussion

Chris Murphy lists at
Thu Jul 23 21:32:08 UTC 2015

On Thu, Jul 23, 2015 at 2:10 PM, Michael Catanzaro <mcatanzaro at> wrote:
> On Thu, 2015-07-23 at 20:32 +0100, Richard Turner wrote:
>> I enable SSH on my boxes at home just so that I can access them from,
>> e.g. my phone. They're on a closed network, so the security risk is
>> minimal even with a weak password (I use keys anyway). I'd not want
>> to be forced to change my password just because I've enabled SSH.
>> Could we not just warn users about their passwords and leave it up to
>> them to do something about it instead of enforcing a stronger policy?
> The problem is that you are a very exceptional case, and in the general
> case, if the user gets this wrong the box gets owned by bad guys.
> So I think for your case, it would be best to not use the sharing panel.

OS X lets me use a single number password and login to that user via
ssh. No complaints, not even admonishment or recommendation to use a
stronger password, and not even a password quality indicator.

And statistically, Mac sales are overwhelmingly laptops. So a lot of
these are in cafes on unprotected wifi. I'm missing the logic of how
either Fedora itself, or Fedora users, are somehow more prone getting
owned in lieu of, what a six character minimum compared to apparently
no minimum on OS X?

Chris Murphy

More information about the desktop mailing list