psiphon

Security: stronger password requirements

Bug #457357 reported by root on 2009-03-11

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	psiphon	Confirmed	Unknown	Unassigned

Bug Description

* Recommend at least 6 characters, plus mix of classes.
* Could have stronger requirements for more privileged users (Admin, etc.) -- would need some tricky logic in case where user role changes.
* Other common practices:
* User name not a substring
* Dictionary checks (excepting passphrases)
* Expiry & history?
* There's a lot of good info here: http://en.wikipedia.org/wiki/Password_strength. Studies indicate that user's password strength depends on the instructions they are given. Again, this is especially important for higher privileged users.

See original description

Tags:

Adam P (adam+) on 2009-10-29

description:

updated

Adam P (adam+) on 2009-10-29

Changed in psiphon:
status:	New → Confirmed

Rod (rod-psiphon) on 2009-11-24

visibility:

private → public

Rod (rod-psiphon) on 2010-05-06

tags:

added: category3

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.