Summary of password strength discussion

Chris Murphy lists at
Fri Jul 24 19:01:47 UTC 2015

On Fri, Jul 24, 2015 at 12:22 PM, Matthew Miller
<mattdm at> wrote:
> On Fri, Jul 24, 2015 at 07:04:14PM +0100, Richard Turner wrote:
>> > Well, turning on ssh access into the system is puts us into advanced
>> > territory already, doesn't it? And doing _that_ is opt-in.
>> If turning on SSH access is advanced territory, why do we not trust these
>> advanced users not to make their own decisions about whether their
>> passwords are strong enough?
> To me, at least: because the GUI doesn't provide any clue about what
> exactly this is, except for a short reference to "the Secure Shell
> command". It's advanced territory, but easy to enable.
> Honestly, my _second_ favorite option here is to drop the "Remote
> Login" option from the GUI.

Apple calls it "Remote Login" also and doesn't even reference SSH. It
just provides a hint:
To log in to this computer remotely, type "ssh chris at".

I'm not reading about piles of Macs being owned due to this
combination of permissive password policy (vastly more permissive than
Windows or Fedora), and a GUI toggle for it in plain sight.

Mac users less advanced than Fedora users, but Fedora users not body
armor. And not just available and suggested, they have to put it on. I
just...  it's totally baffling to me. I really do not get it.

I'm not asking where the fire is, because I'm still waiting for
someone to point out the smoke.

Chris Murphy

More information about the desktop mailing list