

How to enforce password complexity on Linux - kungfudoi
http://www.itworld.com/endpoint-security/275056/how-enforce-password-complexity-linux

======
ryandvm
Can we all agree to stop forcing users to jump through these hoops? It's not
helping security at all.

Requiring users to have a number, punctuation, mixed case, 10 digits, etc. may
make the password itself more secure, but it's all for naught since the user
just wrote it down on a Post It note because it's an unmemorable heap of bits.

Just run the username/password through a cracking library and if it doesn't
crack then let them use it.
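
The acceptance check suggested in the comment above, sketched as an added example that is not part of the thread: instead of composition rules, a candidate password is rejected only when simple cracking-style mangling maps it back to a dictionary word or to the username. The wordlist, mangling rules, length floor and function names are assumptions for illustration, and this is not cracklib's algorithm.

```python
import re

# Constructed sample dictionary; a real check would load a large wordlist.
WORDLIST = {"password", "letmein", "dragon", "monkey", "qwerty", "welcome"}

# Undo common character substitutions before the dictionary lookup.
UNLEET = str.maketrans("013457@$!", "oleastasi")
EDGE_JUNK = re.compile(r"^[\W\d_]+|[\W\d_]+$")  # leading/trailing digits and symbols


def candidate_forms(password):
    """Return the normalised forms that simple mangling rules map back to a base word."""
    base = password.lower()
    forms = set()
    for form in (base, EDGE_JUNK.sub("", base)):
        forms.update({form, form.translate(UNLEET)})
    forms.update({form[::-1] for form in set(forms)})  # reversed words
    forms.discard("")
    return forms


def reject_reason(username, password, wordlist=WORDLIST, min_len=8):
    """Return why the password is guessable, or None if it survives these checks."""
    if len(password) < min_len:  # assumed floor: short strings fall to brute force
        return "too short"
    forms = candidate_forms(password)
    if forms.intersection(wordlist):
        return "dictionary word"
    name = username.lower()
    # Username and its parts (e.g. "john.smith" -> "john", "smith"); ignore tiny tokens.
    tokens = {t for t in [name, *re.split(r"[^a-z0-9]+", name)] if len(t) >= 3}
    if any(t in f for t in tokens for f in forms):
        return "derived from username"
    return None


if __name__ == "__main__":
    # Constructed sample inputs.
    for user, pw in [("ryan", "P@ssw0rd1!"), ("jsmith", "Jsmith2024!!"),
                     ("jsmith", "correct horse battery staple")]:
        print(f"{user!r} {pw!r}: {reject_reason(user, pw) or 'accepted'}")
```

The first sample satisfies a typical digit, punctuation and mixed-case rule yet is rejected here, while the long passphrase with no digits or symbols is accepted.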

~~~
tzs
> Requiring users to have a number, punctuation, mixed case, 10 digits, etc.
> may make the password itself more secure, but it's all for naught since the
> user just wrote it down on a Post It note because it's an unmemorable heap
> of bits.

There is no realistic chance that the people who are interested in finding my
passwords will be able to read a Post It note inside my house, so if having to
use a more secure password causes me to resort to a Post It note it would not
be for naught.

~~~
IsTom
If you're setting requirements on password for yourself then perhaps you've
got some problems. This is a matter of security in systems with many users where
industrial espionage or social engineering might happen.

------
semarjt

         PasswordAuthentication no
         PubkeyAuthentication yes

