[Python-ideas] Pre-PEP Adding A Secrets Module To The Standard Library

Stephen J. Turnbull stephen at xemacs.org
Tue Sep 22 01:56:24 CEST 2015


Steven D'Aprano writes:

 > I wouldn't include punctuation [in the password alphabet] by
 > default, as too many places still prohibit some, or all,
 > punctuation characters.

Do you really expect users to choose their own random passwords using
this function?  I would expect that this function would be used for
initial system-generated passwords (or system-enforced random
passwords), and the system would have control over the admissible set.
But users who have to conform to somebody else's rules much prefer
obfuscated passwords that pass strength tests to random passwords in
my experience.

BTW, the last time I had to set a password that didn't allow the full
set of 94 printable ASCII characters, uppercase letters were forbidden
(silently -- it was documented in the help but not on the password
change form, I had no idea why my first three suggestions were
rejected).  Go figure.



More information about the Python-ideas mailing list