installers (both ubiquity and d-i) allow single character passwords and encryption passphrases.
Bug #656004 reported by Jeff Lane
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
BEeN GRUBed | Invalid | Wishlist | Unassigned |
ubiquity (Ubuntu) | Invalid | Wishlist | Unassigned |
Natty | Won't Fix | Wishlist | Unassigned |
Oneiric | Won't Fix | Wishlist | Unassigned |
Bug Description
Binary package hint: ubiquity
It's never occurred to me until reading the warning in Kubuntu's installer, but the installer's user info section warns that passwords have to be between 1 and 63 characters long.
I understand the need to make things easy for end users; however, allowing single character passwords is, IMHO, a bit TOO lax and is a security risk. I was able to, using the Kubuntu installer, create a single letter password using the letter 'a'.
If that's going to be the policy, why do we even bother with passwords at all?
visibility: | private → public |
tags: | added: iso-testing |
summary: |
- Ubiquity allows for rediculously easy passwords (tried in Kubuntu + Ubiquity allows for ridiculously easy passwords (tried in Kubuntu installer) |
summary: |
- Ubiquity allows for ridiculously easy passwords (tried in Kubuntu - installer) + Ubiquity allows for ridiculously easy passwords while changing passwords + after install uses more sane defaults. |
Changed in ubiquity (Ubuntu): | |
importance: | Undecided → Wishlist |
status: | New → Confirmed |
summary: |
- Ubiquity allows for ridiculously easy passwords while changing passwords - after install uses more sane defaults. + Ubiquity KDE frontend allows single character passwords. |
summary: |
- Ubiquity KDE frontend allows single character passwords. + installers (both ubiquity and d-i) allow single character passwords and + encryption passphrases. |
Changed in ubiquity (Ubuntu Natty): | |
milestone: | none → natty-alpha-2 |
Changed in ubiquity (Ubuntu Natty): | |
milestone: | natty-alpha-2 → natty-alpha-3 |
Changed in ubiquity (Ubuntu Oneiric): | |
milestone: | none → ubuntu-11.10 |
Changed in ubiquity (Ubuntu): | |
milestone: | ubuntu-11.10 → none |
Changed in ubiquity (Ubuntu Oneiric): | |
status: | New → Triaged |
Changed in ubiquity (Ubuntu): | |
status: | Triaged → Invalid |
Changed in ubiquity (Ubuntu Oneiric): | |
importance: | Undecided → Wishlist |
Changed in been-grubed: | |
status: | Triaged → Invalid |
After completing my Kubuntu installation, I rebooted and logged in using my shiny new password 'a' and dropped to a shell. I tried changing my password via the passwd command, but the default policy there requires at least 6 chars, not 1, and also checks against a dictionary for simple passwords.
I also tried changing my password using the "Change Password" option in System Settings/Account Information and it too refused to allow me to set a single char password.
This is a BIG problem, IMO...