Bug 1267147 - silly password requirements
Summary: silly password requirements
Keywords:
Status: CLOSED DUPLICATE of bug 1265066
Alias: None
Product: Bugzilla
Classification: Community
Component: User Accounts
Version: 4.4
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: PnT DevOps Devs
QA Contact: tools-bugs
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-09-29 06:58 UTC by Pierre Ossman
Modified: 2015-09-29 07:46 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-09-29 07:46:01 UTC
Embargoed:

Attachments (Terms of Use)

Description Pierre Ossman 2015-09-29 06:58:04 UTC 
I was unfortunately greeted with the error message that I had to change my password here because it did not fulfil the new requirements. And I was very disappointed to see that you've started with the silly nonsense that is fairly well known by now to produce shit passwords.

I have nothing against password policies, but at least have a decent one, like requiring a long passphrase rather than a single word.
Comment 1 Jason McDonald 2015-09-29 07:46:01 UTC 
The change in complexity requirements was made because a disturbingly high number of Bugzilla users with access to confidential data were found to have extremely weak passwords (e.g. six character dictionary words).  We decided to address that problem by increasing the lowest common denominator, on the theory that some password complexity is better than none at all.  That has unfortunately inconvenienced some users who were already doing the right thing, and I apologise for that.

We are planning to restore the ability to use long passphrases via Bug 1265066.  You are welcome to provide feedback there if you have any further concerns.

*** This bug has been marked as a duplicate of bug 1265066 ***
Note You need to log in before you can comment on or make changes to this bug.