[PC-BSD Testing] PC-BSD 8.2-RC1 Installation issues

LinuxBSDos.com finid at linuxbsdos.com
Wed Jan 12 13:38:15 PST 2011


> On 01/12/2011 16:15, LinuxBSDos.com wrote:
>>
>>> Should we enforce password lengths/"complexity"? I'm a fan of the UNIX
>>> model: Be stupid and expect stupid.
>>
>> I think it makes plenty of sense to enforce password length. Complexity,
>> I'm not too worried about, but length, yes (don't let you mind stray
>> from
>> the topic ;) )!
>>
>> We should not make it easy for users, especially inexperienced ones, to
>> install loosely secured systems.
>>
>> I have a system I installed yesterday where the root passwd is "r" and
>> the
>> user password is "s." That's just as bad as auto-login.
>>
>> I'm just happy that Kris has cleaned that bit up. That said, I think a
>> 4-character minimum for user password is to0 low. Six to 8 should be
>> better.
>>
>>
>
> Well, I made the user/root passwords a bit less strict, since a common
> one for virtual-machines is "pcbsd" :)
>
>>> IIRC, SSH is disabled in PC-BSD so there shouldn't be too much worry if
>> a > user prefers 'password'.
>>
>> I don't think that running a network service is the sole reason for
>> setting strong passwords. What about protecting physical access?
>>
>
> In the case of disk-encryption, yes you want a better password. But when
> it comes to physical access, just reboot and go to single user,
> insta-root. (Why i use encryption on my disks now)
>

But there is a way to protect single-user mode, right?

--
Fini Decima
http://LinuxBSDos.com




More information about the Testing mailing list