Security incident on Fedora infrastructure on 23 Jan 2011
Athmane Madjoudj
athmanem at gmail.com
Wed Jan 26 21:44:31 UTC 2011
On 01/26/2011 06:51 PM, Ricky Zhou wrote:
> On 2011-01-25 01:24:54 PM, Jose Manimala wrote:
>> One question is should a password length and secure password creation
>> check be enforced on the FAS system. Like regular expression checks
>> and stuff. I know this is asking a lot, the current implementation
>> allows me to have a simple password if I remember(need to check) been
>> long. And password expiry? :)
> Good point, password complexity checks are still listed as a TODO in
> FAS (although we do have a minimum length of 8 implemented), looks like
> we just never got to doing it. I've added a note about those in
> https://fedorahosted.org/fedora-infrastructure/ticket/2574,
> which we will discuss in the next infra meeting.
>
Maybe we should add a captcha after three (3) failed login attempts ?
Sign up page already has a captcha
--
Athmane Madjoudj
More information about the infrastructure
mailing list