[Distutils] "Please use a mix of different-case letters and numbers in your password"
Antoine Pitrou
antoine at python.org
Wed Sep 4 14:53:20 CEST 2013
Donald Stufft <donald <at> stufft.io> writes:
>
> If you can't maintain a basic level of security on your account maybe
> you shouldn't be releasing code for other people to use?

Hey, can you get off your high horses now?

> I don't think it's
> that hard to remember a 16+ character password that has no other
> restrictions besides being 16+ characters.

You know, I think people could care less about what *someone else*
thinks is hard to remember *for them*. They just want to use the
service, not be patronized by some external entity who insists on
rectifying their behaviour.

Also, the talk about how a broken password can threaten other
developers completely misses the big picture. Because even a "strong"
password could be obtained in completely different ways, such as e.g.
compromising the developers' personal computer.

(obligatory reference: http://xkcd.com/538/ )

You seem to be misunderstanding the difference between *providing*
security (e.g. HTTPS, better hashes, etc., which is good) and
*requiring* security-minded practices (e.g. requiring "strong"
passwords), which is a nuisance in many situations.

> Hell repeat your original
> password twice and there you go (passwords also must be at least
> 8 characters).

Well, can I use "aaaaaaaaaaaaaaaaaaaaaaaa" too or do I have to use
"aAaAaAaAaAaAaAaAaAaAaAaAaAaAaAaA"?
If that works, you could disable the restriction right now
because it is not securing anything, it's just a "feel-good"
restriction for security nerds.

Regards

Antoine.