Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30
ndowens04 at gmail.com
Thu Oct 13 18:34:45 UTC 2011
I think requiring a minium sized password that is pretty long, like maybe
15-20 or larger. The chance of somebody cracking those sized passwords would
be smaller. Also I know there was a previous issue about the Yubikey as part
of security. In my opinion requiring a 15-20 long password added with a
Yubikey would be something that would maybe lessen the chance. I currently
use Lasspass to create passwords, and my master password is a long password
and the password I get it to generate is also quite long.
On Thu, Oct 13, 2011 at 1:29 PM, Bernd Stramm <bernd.stramm at gmail.com>wrote:
> On Thu, 13 Oct 2011 10:39:03 -0700
> Toshio Kuratomi <a.badger at gmail.com> wrote:
> > So what are our admins to do? 1) We could ignore the issue. We have
> > a lot of contributors. Maybe we should just expect that some of
> > their accounts are going to be compromised.
> Not maybe. Certainly some of the accounts will be compromised.
> > 2) We could require
> > everyone to change keys.
> And some time after that, some accounts will be compromised again. Some
> of the same accounts as before, and some other accounts. Not maybe.
> Certainly, 100%.
> Bernd Stramm
> bernd.stramm at gmail.com
> devel mailing list
> devel at lists.fedoraproject.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the devel