If a password consists of one lowercase letter, one capital letter, one special character and one number, then it is still only 4 characters long. Call such a password "strong" is a bad security risk, because each brute force cracker handles this task in seconds.

CommentFileSizeAuthor
#1 640726_password_strength.patch1.08 KBmcarbone

Comments

mcarbone’s picture

Assigned: Unassigned » mcarbone
Status: Active » Needs review
StatusFileSize
new1.08 KB

Yeah, that's no good. This patch tweaks the formula to punish passwords with fewer than 6 characters a little more, and fixes a minor bug with "Strong" not displaying properly when the score jumps directly to 100 from less than 80.

dries’s picture

Status: Needs review » Fixed

Committed to CVS HEAD. Thanks.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.