Closed (fixed)
Project:
Drupal core
Version:
7.x-dev
Component:
user system
Priority:
Normal
Category:
Bug report
Assigned:
Reporter:
Created:
23 Nov 2009 at 18:14 UTC
Updated:
5 Jan 2010 at 14:50 UTC
Jump to comment: Most recent file
If a password consists of one lowercase letter, one capital letter, one special character and one number, then it is still only 4 characters long. Call such a password "strong" is a bad security risk, because each brute force cracker handles this task in seconds.
| Comment | File | Size | Author |
|---|---|---|---|
| #1 | 640726_password_strength.patch | 1.08 KB | mcarbone |
Comments
Comment #1
mcarbone commentedYeah, that's no good. This patch tweaks the formula to punish passwords with fewer than 6 characters a little more, and fixes a minor bug with "Strong" not displaying properly when the score jumps directly to 100 from less than 80.
Comment #2
dries commentedCommitted to CVS HEAD. Thanks.