Koozali.org: home of the SME Server
Obsolete Releases => SME Server 7.x => Topic started by: stabilys on February 11, 2009, 06:11:24 PM
-
I have noted the above topic which is now locked.
I have to say that I disagree with the logic. Moreover, I disagree with the step taken - to restrict to >=7.
For administrator passwords you will get no argument from me - we use 30 character passphrases.
But for users - that's different. It is hard for anyone geeky enough to install an SME box to realise how hard passwords are for many users.
I see no reason to restrict password length to 7 when AFAICT the minimum required length is 6.
I have used the workround in the referenced article to change a CEO's password length to 6 characters and have so far seen no adverse consequences. They are (believe me!) incapable of learning a new longer password, the current one took years. They also employ us to solve their problems, not create new ones for them.
I think developers and support need to remember that computer systems exist to solve human problems - and security for users is only a minor concern, and it is in their choice - after taking and ignoring advice from administrators who will argue for stronger security, always.
I reiterate, for root and admin passwords strong should indeed be enforced. But users need latitude. What's wrong with >=6?
MeJ
-
stabilys
Are you trying to say that the people you work with are all stupid?
I implemented an SME server years ago and when the new setup came along to change the passwords to upper, lower, numbers and strange characters I had no problems getting 40+ people to change their passwords.
Even the most computer illiterate person was ok with it ... and the passwords 95% of them came up with were minimum 9 characters long.
I'm sure the people you work with will love you for calling them stupid or as you put it "incapable of learning".
Regards,
Tib
-
stabilys
Are you trying to say that the people you work with are all stupid?
Well - for a given value of 'stupid' - yes. Half of them seem to be essentially retarded - as long as we stick to the knowledge domain of 'ITC'.
If we speak of the 'income' domain then many of them are demonstrably not stupid.
The person I referred to originally is the CEO of a company that exports to 120 countries, employs people in three countries and makes significantly more personally than my company does as a whole. But she is computer-illiterate, tech-illiterate and did not learn to drive until she was 45. She is not prepared to change her password. And - why should she?
I suspect you work with a small number of people in one company. I work with many in many companies, and they would think it 'stupid' for us to not be able to adapt the systems that they commission to their needs.
In particular, they might think it 'stupid' to enforce a 7 character password when a six-character one is required.
What else can I say?
-
well
IMO, let the CEO's pwd be of 6 chars :-)
all the others, 7 or more.. they HAVE to learn :-)
/me bofh
ciao
Stefano
-
I see no reason to restrict password length to 7 when AFAICT the minimum required length is 6.
This whole 7 chr minimum does not seem to be chosen based on technical grounds. With 7 as a default minimum I'm OK.
My feature request for shorter pwd's as an option was denied, Wontfix.
If anyone can shine a light on why we need 7 as a minimum, which things will be broken if we use 6, then I would be most grateful. So far, no-one has.
I more or less hope that someone can confirm using 6 chr pwd's will not break (major) things, so I'm able to sleep better...
-
well
IMO, let the CEO's pwd be of 6 chars :-)
Quite so!
all the others, 7 or more.. they HAVE to learn :-)
Maybe. I do not believe a 7 digit password is importantly more secure than a six digit one. I use *long* passwords when I want security (root).
But what I misunderestimate is the reason for fixing the password requirement at one longer than the system executables require (if, as I believe, this is the case).
But having got the workround I'm not going to argue about it :)
Cheers!
MeJ - JMe
-
If anyone can shine a light on why we need 7 as a minimum, which things will be broken if we use 6, then I would be most grateful. So far, no-one has.
Quite so!