I'm used to have easy to remember passwords for all sites where there is no need to have a strong one. Why does joining Drupal requires using upper and lower case letters, numbers and punctuation marks? And if I choose to use some simple string like: 1234abcd, shouldn't that be okey with you?

I mean, it is not as if needed a top secret classification secure password, or that I would be required to perform funds transfering... Now with this ranting I forgot why I wanted to join the community in the first place! But seriously guys, ease a bit and allow us to use whatever string we can easily recall without having to resort to a crypto password generator DoD graded. :D

Comments

Anonymous’s picture

In a live site, you should use SSL encryption for authentication , a strong password AND change it often to make life hard for hackers.

Use password management software (like keepass) to keep track of your passwords, because you won't remember them.

Or maybe I'm just paranoid.

:-)

Anonymous’s picture

Sorry, misread your post.

Re joining Drupal site, I agree with your point because password strength is irrelevant if SSL is not used ( which I don't think it is ? )

Charles Oertel’s picture

Two things:

  1. Do not confuse 'easy to remember' with 'easy to hack'. It is quite possible to have an easily-remembered password that is strong and includes digits and punctuation.
  2. Insecure passwords are the main vector of security breaches. On this site, it is possible for a spambot to guess a password for a user, then use that logon to post meaningless posts with links to their pron sites etc. It is an administrator's nightmare to keep cleaning the stuff up.
lowrytech1’s picture

I am on D7 and currently looking for a module or method to handle enforcing strong passwords.
I am hoping someone in the community has a link for me.
BTW, I am SSL encrypted ;)