Bug 1265331
Summary: | Password complexity is worthless and shouldn't be required | ||
---|---|---|---|
Product: | [Community] Bugzilla | Reporter: | Joe Julian <joe> |
Component: | User Accounts | Assignee: | PnT DevOps Devs <hss-ied-bugs> |
Status: | CLOSED DUPLICATE | QA Contact: | tools-bugs <tools-bugs> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 4.4 | CC: | jmcdonal, mtahir, qgong, xiawu |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2015-09-25 04:06:28 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Joe Julian
2015-09-22 16:50:18 UTC
Hi Joe, The change in complexity requirements was made because a disturbingly high number of Bugzilla users with access to confidential data were found to have extremely weak passwords (e.g. six character dictionary words). We decided to address that problem by increasing the lowest common denominator, on the theory that some complexity is better than none at all. That has unfortunately inconvenienced some users who were already doing the right thing, and I apologise for that. Your points above about complexity vs entropy are, of course, completely valid. We are planning to restore the ability to use long passphrases via Bug 1265066. You are welcome to provide feedback there if you have any further concerns. *** This bug has been marked as a duplicate of bug 1265066 *** |