Your password is too weak!



swoll1980
February 26th, 2010, 07:20 PM
I want to throw a big "Forget you!" to anybody who decides I can't use an OS password that is too weak. Ubuntu warns you about it during installation, but allows you to use it anyways. While this is annoying, it's still acceptable. Certain distros, Fedora for example, flat out refuse to let you use a password that they deem unacceptable. What were they thinking!? No one has access to my machine, and if they did I wouldn't care anyways. I see no reason for this ridiculous behavior.

clanky
February 26th, 2010, 07:22 PM
/facepalm

NoaHall
February 26th, 2010, 07:22 PM
They do it so they don't get blamed when someone ruins your computer because you're too lazy to use a secure password.

Oh, and there are ways and means.

Icehuck
February 26th, 2010, 07:30 PM
You're not allowed to use love, sex, secret, and god as your password.

darsu
February 26th, 2010, 07:32 PM
hunter2 > Chuck Norris

RabbitWho
February 26th, 2010, 07:33 PM
Wtf? It does sound like a very silly idea you're right, considering an OS password is about as secure as tying your bicycle to a lamp post with a piece of twine.
It just slows them down slightly.

Are you allowed to use password as your password?

ubunterooster
February 26th, 2010, 07:33 PM
+1 facepalm; make psswrds as lowng and confuzingk as possibole

swoll1980
February 26th, 2010, 07:37 PM
They do it so they don't get blamed when someone ruins your computer because you're too lazy to use a secure password.

Oh, and there are ways and means.

If someone wanted to ruin my computer they could pick it up, and throw it across the room no matter how secure my password is. The fact that you felt the need to insult me tells me a lot about you. It has nothing to do with being "lazy". I can't remember my password, because they didn't let me use the one I wanted to, and I haven't logged in in a couple weeks. If you read the op, no one has access to my machine, and if they did, so what.

swoll1980
February 26th, 2010, 07:40 PM
Wtf? It does sound like a very silly idea you're right, considering an OS password is about as secure as tying your bicycle to a lamp post with a piece of twine.
It just slows them down slightly.

Are you allowed to use password as your password?

Right. If someone has access to my machine, that means they broke into my house. At that point the security of my password is the least of my concerns.

hessiess
February 26th, 2010, 07:40 PM
Unless the drive is encrypted, physical access is root access. Anything you use that is internet facing should have a strong password however.

NoaHall
February 26th, 2010, 07:40 PM
If someone wanted to ruin my computer they could pick it up, and throw it across the room no matter how secure my password is. The fact that you felt the need to insult me tells me a lot about you. It has nothing to do with being "lazy". I can't remember my password, because they didn't let me use the one I wanted to, and I haven't logged in in a couple weeks. If you read the op, no one has access to my machine, and if they did, so what.

So you're fine with people stealing all your files, monitoring everything you do on your computer, and then after they've gained enough information, deleted everything on it? Or maybe a personal favourite of mine, turn off all the fans so it overheats and melts?

Icehuck
February 26th, 2010, 07:41 PM
If someone wanted to ruin my computer they could pick it up, and throw it across the room no matter how secure my password is. The fact that you felt the need to insult me tells me a lot about you. It has nothing to do with being "lazy". I can't remember my password, because they didn't let me use the one I wanted to, and I haven't logged in in a couple weeks. If you read the op, no one has access to my machine, and if they did, so what.

So if it wasn't a password you normally used, why didn't you write it down? That shouldn't be an issue since, as you said, " no one has access to my machine, and if they did, so what."

You are always going to lose the password argument, so don't bother trying to have it. As I said to the three people who called today about it, "that's how it is."

KiwiNZ
February 26th, 2010, 07:43 PM
Damned if they do, damned if they don't. Remember all the folks yelling how bad MS was for making Windows so insecure where the default does not even ask for passwords?

Now Linux Distros are asking users to set them with some common sense at the beginning and they are called ridiculous.

Complaining for the sake of complaining seems to be the norm these days :rolleyes:

blueshiftoverwatch
February 26th, 2010, 07:54 PM
I don't see why the user should even be required to have a password at all. MySQL is one of the most used database applications in the world and it doesn't require a password.

swoll1980
February 26th, 2010, 07:55 PM
Damned if they do, damned if they don't. Remember all the folks yelling how bad MS was for making Windows so insecure where the default does not even ask for passwords?

Now Linux Distros are asking users to set them with some common sense at the beginning and they are called ridiculous.

Complaining for the sake of complaining seems to be the norm these days :rolleyes:

Asking for you to set a password is one thing, forcing one on you is another. Not only that, but it has to be a good one too.

Icehuck
February 26th, 2010, 07:56 PM
Asking for you to set a password is one thing, forcing one on you is another. Not only that, but it has to be a good one too.

Forcing you to use a good password is bad because?

swoll1980
February 26th, 2010, 07:58 PM
So if it wasn't a password you normally used, why didn't you write it down? That shouldn't be an issue since, as you said, " no one has access to my machine, and if they did, so what."

You are always going to lose the password argument, so don't bother trying to have it. As I said to the three people who called today about it, "that's how it is."

I did write it down; I can't find it. I'm not a very organized person, so this whole force a useless password on me thing is annoying.

swoll1980
February 26th, 2010, 07:59 PM
So you're fine with people stealing all your files, monitoring everything you do on your computer, and then after they've gained enough information, deleted everything on it? Or maybe a personal favourite of mine, turn off all the fans so it overheats and melts?

As I said, no one has access to it. If someone broke into my house this would not be their motive. They would steal my computer not hack into it.

NoaHall
February 26th, 2010, 08:01 PM
As I said, no one has access to it. If someone broke into my house this would not be their motive. They would steal my computer not hack into it.

Who said anything about local hacking?

swoll1980
February 26th, 2010, 08:09 PM
Who said anything about local hacking?

I'm behind a router. The only websites I visit are this one, espn.com, cavs.com(nba), clevelandbrowns.com(nfl), and distrowatch. I'm not getting hacked by anyone.

Warpnow
February 26th, 2010, 08:10 PM
You should have a strong password, but I agree they shouldn't force it on you.

ubunterooster
February 26th, 2010, 08:10 PM
passwords make an insignificant difference locally.

the hacker is most likely to come from China, where one-third aspire to be hackers. (statistics, not nationalistic racism)

NoaHall
February 26th, 2010, 08:11 PM
I'm behind a router. The only websites I visit are this one, espn.com, cavs.com(nba), clevelandbrowns.com(nfl), and distrowatch. I'm not getting hacked by anyone.

I want to "hack" you now just to prove a point. I won't, but it's the thought which counts.

Post Monkeh
February 26th, 2010, 08:11 PM
Forcing you to use a good password is bad because?

not every situation requires it?

swoll1980
February 26th, 2010, 08:14 PM
I want to "hack" you now just to prove a point. I won't, but it's the thought which counts.

That's funny. You don't even know my ip. You going to hack Ubuntu Forums first? I bet they use a strong password. However would you get through. :rolleyes:

add: If you could it just proves my point that a password is pretty pointless.

Icehuck
February 26th, 2010, 08:19 PM
not every situation requires it?

If it requires a password then it should be a good one. Otherwise, why are you using a password?

swoll1980
February 26th, 2010, 08:20 PM
If it requires a password then it should be a good one. Otherwise, why are you using a password?

because it requires it.

koleoptero
February 26th, 2010, 08:22 PM
Unless the drive is encrypted, physical access is root access.
Encryption helps?
http://xkcd.com/538/

ubunterooster
February 26th, 2010, 08:26 PM
@swoll: actually he could try to get your email address (do you allow direct emails from here) and when the email passes through your router, he could install an altered version of the chucknorris botnet on your router. How strong is the password on your router?

Post Monkeh
February 26th, 2010, 08:28 PM
If it requires a password then it should be a good one. Otherwise, why are you using a password?

i can see the advantage of recommending a strong password, but really, why force it? do we force people to lock their front doors when they go out?

swoll1980
February 26th, 2010, 08:31 PM
@swoll: actually he could try to get your email address (do you allow direct emails from here) and when the email passes through your router, he could install an altered version of the chucknorris botnet on your router. How strong is the password on your router?

Why would the email pass through my router? Anyways my router password is strong, not that it really makes a difference. It's more of a "maybe they will pass me up, and move to the next one" kind of thing.

Icehuck
February 26th, 2010, 08:32 PM
i can see the advantage of recommending a strong password, but really, why force it?

Good passwords are enforced in an effort to protect the system from the user. If he can't remember his password, then he can't screw anything up.

earthpigg
February 26th, 2010, 08:41 PM
Why would the email pass through my router? Anyways my router password is strong, not that it really makes a difference. It's more of a "maybe they will pass me up, and move to the next one" kind of thing.

that is sort of the crux of it -- you don't need to be the most secure person on the planet, just more secure than most while having assets (target value) comparable or less than most.

the standard considerations that bad guys make are:

high versus low value target

hard versus soft target


Sarah Palin forgot that when she tried to run for vice president of the united states. she became a high value target that was a soft target, and her e-mail was cracked as a result.

as your fame/fortune/notoriety goes up, so should security measures.... or as an individual or group's dislike for you goes up. the spiteful ex-girl/boyfriend could potentially make you a high value target to them, for example.

BuffaloX
February 26th, 2010, 08:42 PM
I think Ubuntu is very reasonable regarding security and passwords.
My password is very fast to type, so not much of a bother.
Requests for passwords don't come up unnecessarily, like I feel they sometimes do in that other OS.

But it only protects against malware screwing with your system files, everything else is largely unprotected AFAIK.

If someone gains physical access, every door is open, unless you use encryption.

Ubuntu in itself is not so much the problem, but I think most DEs are, they allow installation of automatic startup programs without root access, this may become a problem I think.
Spyware hunting for login information to your bank account doesn't need root access, they just need to be able to run.
Most sensitive information is largely unprotected in your home dir, not as system files that require root.

I think security needs to be tightened in several areas, but I'm far from being an expert.

swoll1980
February 26th, 2010, 08:47 PM
that is sort of the crux of it -- you don't need to be the most secure person on the planet, just more secure than most while having assets (target value) comparable or less than most.

the standard considerations that bad guys make are:

high versus low value target

hard versus soft target


Sarah Palin forgot that when she tried to run for vice president of the united states. she became a high value target that was a soft target, and her e-mail was cracked as a result.

as your fame/fortune/notoriety goes up, so should security measures.... or as an individual or group's dislike for you goes up. the spiteful ex-girl/boyfriend could potentially make you a high value target to them, for example.

That's how car hopping works. If your doors are unlocked you're a target. If you have valuables in sight you're a target. If your doors are locked, and there's nothing of value in sight, then you're not a target.

Post Monkeh
February 26th, 2010, 08:50 PM
Good passwords are enforced in an effort to protect the system from the user. If he can't remember his password, then he can't screw anything up.

lol so if someone can't remember a password then they're unworthy of using a computer they've bought?
catch a grip :D

ubunterooster
February 26th, 2010, 08:52 PM
@swoll: it passes through when all you do is open it you won't even need to open any attachments

swoll1980
February 26th, 2010, 08:56 PM
@swoll: it passes through when all you do is open it you won't even need to open any attachments

I don't open emails from people I don't know. That would be silly. I don't use email clients either. That would also be silly. All my security is preventive. My father always said "An ounce of prevention is worth a pound of cure."

nmccrina
February 26th, 2010, 08:56 PM
Ok, here's the other side of the coin: I use a different 16 character password generated by random.org for my user and every website I have an account at. Of course, it's impossible for me to remember them, so I have them written down. However, I then went and left the paper sitting in front of a computer in my university computer lab. D'oh!

The point is, no matter what you do there is a loophole. I agree with swoll; if you don't feel the need for a password, you shouldn't be forced to have one.

t0p
February 26th, 2010, 09:10 PM
All my security is preventive. My father always said "An ounce of prevention is worth a pound of cure."

So you believe in "preventative" security but you wish you could use weak passwords? Can anyone else see what's wrong with that statement?

swoll1980: You're right, an OS shouldn't force you to use a particular kind of password. But I don't understand why you lost your password. Since you don't care if an attacker has physical access to your computer, you could write it on a post-it note and stick it to your monitor.

swoll1980
February 26th, 2010, 09:14 PM
So you believe in "preventative" security but you wish you could use weak passwords? Can anyone else see what's wrong with that statement?

swoll1980: You're right, an OS shouldn't force you to use a particular kind of password. But I don't understand why you lost your password. Since you don't care if an attacker has physical access to your computer, you could write it on a post-it note and stick it to your monitor.

I don't want some ugly post-it note stuck to my monitor. In being preventive in all my computing activities, I feel I've earned the right to log into my machine without looking around for a piece of paper.

t0p
February 26th, 2010, 09:14 PM
Ok, here's the other side of the coin: I use a different 16 character password generated by random.org for my user and every website I have an account at. Of course, it's impossible for me to remember them, so I have them written down. However, I then went and left the paper sitting in front of a computer in my university computer lab. D'oh!


On your own computer, you can use a password manager to manage all your strong passwords. You just need to remember one password, to open the manager.

If you're using public computers, you could put all your passwords on a USB stick encrypted with (for example) truecrypt. Again, you need to remember one password.

undecim
February 26th, 2010, 09:14 PM
If you don't like having to type a long password, set up automatic log in.

The thing is, a short password is a security hole, no matter how you look at it.

So you only ever visit a few trusted web sites? Well have you ever heard of cross site scripting (http://en.wikipedia.org/wiki/Cross-site_scripting)? Pair that with a minor flaw in your web browser, and you get a trojan on your computer. If you don't have a strong password, the trojan can just guess your password until it gets root access.

Sure, that sounds a little far fetched now, with Linux holding only 1% of the desktop market share, it's not a big target. But once Ubuntu is a big player with just as many non-techie people as Windows, then that will be a problem.

Also, your router that is supposedly protecting you, guess what, it doesn't do you any good if it gets rooted. Router based worms (http://blogs.zdnet.com/security/?p=2972) aren't that rare.

You are asked to use a strong password to protect yourself and others. We don't need another node on a botnet. (especially one attacking Linux hosts)

Simian Man
February 26th, 2010, 09:15 PM
Certain distros, Fedora for example, flat out refuse to let you use a password that they deem unacceptable. What were they thinking!?

Fedora only requires that the password be at least 6 characters long. I've seen systems with much stricter requirements and I agree that it can be annoying, but Fedora's is pretty reasonable.

HMCafe
February 26th, 2010, 09:15 PM
Woah! that was an interesting thread to watch.. I mean read :popcorn: . I was on the edge of my seat the whole time :biggrin:. lol :lol:

anyways. swoll, yes you do need a secure password, However i do agree with you that an Operating System should not force you to choose one if you don't feel like it.

and guys, calm down. this thread was like a soap opera. :D

HMCafe
February 26th, 2010, 09:17 PM
wow in the time it took me to post my reply there was a whole new page of replies lol. time to watch some more :popcorn:

t0p
February 26th, 2010, 09:19 PM
I don't want some ugly post-it note stuck to my monitor. In being preventive in all my computing activities, I feel I've earned the right to log into my machine without looking around for a piece of paper.

I'm surprised no one's brought this up yet: in Linux you can change your machine's password policy. Someone explains how to do this here (http://www.linuxquestions.org/questions/linux-security-4/howto-change-system-password-policies-passwd-length-complexity-360522/). It seems to change the policy in Ubuntu, you need to edit the file /etc/pam.d/common-password. Of course, you should read up on the subject, and back up that file, before you edit it.
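
[Added example, not part of the original thread or any poster's code: a small Python audit of the "password" stack in a PAM file such as the /etc/pam.d/common-password mentioned above, reporting whether a quality check and an explicit minimum length are configured. The three sample files are constructed, and the function names and the required_minlen threshold are assumptions made for illustration.]

```python
"""Audit password-quality settings in a PAM 'password' stack (added example)."""
import re

# Constructed samples modelled on a Debian/Ubuntu-style common-password file.
SAMPLE_DEFAULT = """\
# constructed sample: pam_unix with its built-in 'obscure' checks
password  [success=1 default=ignore]  pam_unix.so obscure sha512
password  requisite                   pam_deny.so
password  required                    pam_permit.so
"""

SAMPLE_WEAK = """\
# constructed sample: length lowered, 'obscure' removed
password  [success=1 default=ignore]  pam_unix.so minlen=1 sha512
password  requisite                   pam_deny.so
"""

SAMPLE_STRICT = """\
# constructed sample: separate strength checker in front of pam_unix
password  requisite                   pam_cracklib.so retry=3 minlen=12 difok=3
password  [success=1 default=ignore]  pam_unix.so obscure use_authtok sha512
password  requisite                   pam_deny.so
"""

# Modules whose only job is password strength checking.
QUALITY_MODULES = {"pam_cracklib.so", "pam_pwquality.so"}

# type, control (plain word or [bracketed list]), module path, arguments
LINE_RE = re.compile(r"^(-?\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")


def parse_password_stack(text):
    """Return the 'password' entries of a PAM config as a list of dicts."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("@include"):
            continue  # comments, blanks and includes are not followed here
        match = LINE_RE.match(line)
        if not match:
            continue
        ptype, control, module, args = match.groups()
        if ptype.lstrip("-") != "password":
            continue
        options = {}
        for token in args.split():  # bracketed arguments are not handled
            key, _, value = token.partition("=")
            options[key] = value if value else True
        entries.append({
            "control": control,
            "module": module.rsplit("/", 1)[-1],
            "options": options,
        })
    return entries


def audit(text, required_minlen=8):
    """Summarise the explicit minlen and quality checks in the stack.

    'minlen' is the largest value written in the file. For pam_cracklib it
    interacts with the credit options, so it is the configured number and
    not a guaranteed character count.
    """
    minlens = []
    quality_check = False
    for entry in parse_password_stack(text):
        module, options = entry["module"], entry["options"]
        if module in QUALITY_MODULES:
            quality_check = True
        elif module == "pam_unix.so" and options.get("obscure"):
            quality_check = True
        else:
            if module != "pam_unix.so":
                continue
        if "minlen" in options:
            minlens.append(int(options["minlen"]))

    minlen = max(minlens) if minlens else None
    findings = []
    if not quality_check:
        findings.append("no password quality check in the password stack")
    if minlen is None:
        findings.append("no explicit minlen; the module default applies")
    elif minlen < required_minlen:
        findings.append(f"minlen={minlen} is below the required {required_minlen}")
    return {"minlen": minlen, "quality_check": quality_check, "findings": findings}


if __name__ == "__main__":
    for name, sample in (("default", SAMPLE_DEFAULT),
                         ("weak", SAMPLE_WEAK),
                         ("strict", SAMPLE_STRICT)):
        print(name, audit(sample))
```

Run against a copy of the real file (read it with open() and pass the text to audit()) before and after any edit, so a change to the policy is a recorded decision rather than a surprise.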

swoll1980
February 26th, 2010, 09:20 PM
How would you get rid of a worm on your router, or even know if it were there?

swoll1980
February 26th, 2010, 09:23 PM
I'm surprised no one's brought this up yet: in Linux you can change your machine's password policy. Someone explains how to do this here (http://www.linuxquestions.org/questions/linux-security-4/howto-change-system-password-policies-passwd-length-complexity-360522/). It seems to change the policy in Ubuntu, you need to edit the file /etc/pam.d/common-password. Of course, you should read up on the subject, and back up that file, before you edit it.

Thanks for the useful info.

HMCafe
February 26th, 2010, 09:27 PM
How would you get rid of a worm on your router, or even know if it were there?

http://www.linuxplanet.com/linuxplanet/tutorials/6726/2/

:D

whiskeylover
February 26th, 2010, 09:28 PM
OMG! What's wrong with you people. Instead of just telling him how to fix it, you give him a 5 page ******* lecture on why he shouldn't do it.

If he doesn't want a strong password, just freaking tell him how to fix it instead of forcing your beliefs on him.

Grenage
February 26th, 2010, 09:30 PM
It's cute that so many people use linux because of its configurability and choice, then get berated for exercising it.

Get a grip, the OP is spot on.

nothingspecial
February 26th, 2010, 09:34 PM
I often wonder whether there is any point having any sort of security at all.

All that's on my hard drives is a lot of music (99% of which I have hard copies (cd, vinyl) of), a load of photos that are backed up ad infinitum even to drives that aren't connected to anything.

A few videos (some of suspect repute) and a lot of useful/useless linux stuff (useless if you're not and don't intend to use linux).

The only sensitive data is a big list of chip shop phone numbers which my competitors know anyway and if they didn't could look in the phone book for.

I know how to check what is "going out and coming in" to my network so why bother with security? - go on hack away :D I don't care

But I do......anyway.

HMCafe
February 26th, 2010, 09:35 PM
The Community Chat area is for lighthearted and enjoyable discussions, like you might find around a water cooler at work.

umm isn't this supposed to be light hearted discussions. :P
ohh well i guess people get "excited" even at watercoolers. lol ;)

t0p
February 26th, 2010, 09:40 PM
OMG! What's wrong with you people. Instead of just telling him how to fix it, you give him a 5 page ******* lecture on why he shouldn't do it.

If he doesn't want a strong password, just freaking tell him how to fix it instead of forcing your beliefs on him.

I seem to remember that the OP wasn't asking how to change Linux's behaviour wrt passwords. He was complaining, not asking for help.

But I just told him how to change this anyway.

lisati
February 26th, 2010, 09:40 PM
How would you get rid of a worm on your router, or even know if it were there?

I just had visions of someone figuring out my ISP from my IP address, which isn't impossible. From that, a ratbag might be able to guess that if I'm like a lot of their customers, I will have taken up the ISP's offer of a "free" router/modem. By finding out which model modems & routers the ISP has offered as "freebies" over the years, they might get lucky and guess correctly which one I happen to be using. Then, assuming that I haven't bothered changing the default password...... It might need a little bit of educated guess work but it's not impossible for people to get in and do some mischief.

On the other hand, I might have done something like upgrading the firmware, replaced the "freebie" with something that isn't on the list, changed the password, or taken some other precaution that would at least slow them down.

whiskeylover
February 26th, 2010, 09:43 PM
I seem to remember that the OP wasn't asking how to change Linux's behaviour wrt passwords. He was complaining, not asking for help.

But I just told him how to change this anyway.

He wasn't asking for a 5 page lecture either.

swoll1980
February 26th, 2010, 09:49 PM
I seem to remember that the OP wasn't asking how to change Linux's behaviour wrt passwords. He was complaining, not asking for help.

But I just told him how to change this anyway.

I didn't realize this was possible before installation, or I would have been asking for help. I wouldn't call it a complaint more of an expression of my thoughts on forced passwords.

swoll1980
February 26th, 2010, 09:53 PM
He wasn't asking for a 5 page lecture either.

I wanted other people's thoughts on this as well, which was the reason for the thread. Only thing I wasn't expecting was a personal attack. That seemed a little over the top for this kind of issue. It wasn't like it was some kind of political, or religious topic. I would have liked to keep the topic as whether, or not passwords should be forced, rather than whether, or not I should use them, but I knew that wasn't going to happen.

markp1989
February 26th, 2010, 10:02 PM
I want to throw a big "Forget you!" to anybody who decides I can't use an OS password that is too weak. Ubuntu warns you about it during installation, but allows you to use it anyways. While this is annoying, it's still acceptable. Certain distros, Fedora for example, flat out refuse to let you use a password that they deem unacceptable. What were they thinking!? No one has access to my machine, and if they did I wouldn't care anyways. I see no reason for this ridiculous behavior.

i think that there is no point in warning you it's a "bad" password if it still lets you use it. it should stop you setting bad passwords or it should shut up

sisco311
February 26th, 2010, 10:06 PM
I just had visions of someone figuring out my ISP from my IP address, which isn't impossible. From that, a ratbag might be able to guess that if I'm like a lot of their customers, I will have taken up the ISP's offer of a "free" router/modem. By finding out which model modems & routers the ISP has offered as "freebies" over the years, they might get lucky and guess correctly which one I happen to be using. Then, assuming that I haven't bothered changing the default password...... It might need a little bit of educated guess work but it's not impossible for people to get in and do some mischief.

On the other hand, I might have done something like upgrading the firmware, replaced the "freebie" with something that isn't on the list, changed the password, or taken some other precaution that would at least slow them down.

Most routers, by default, don't allow remote management.

Keyper7
February 26th, 2010, 10:08 PM
i think that there is no point in warning you it's a "bad" password if it still lets you use it. it should stop you setting bad passwords or it should shut up

Disagreed. In my opinion Ubuntu's way is a good balance. Warns, but leaves the choice.

When I would use weak passwords, you ask? Simple: when testing alpha releases on a virtual machine.

swoll1980
February 26th, 2010, 10:14 PM
Disagreed. In my opinion Ubuntu's way is a good balance. Warns, but leaves the choice.

When I would use weak passwords, you ask? Simple: when testing alpha releases on a virtual machine.

Not that it matters, but the Fedora 12 password I lost was for a virtualBox installation that I needed for my IT250 Linux desktop OS class.

sisco311
February 26th, 2010, 10:15 PM
I wanted other people's thoughts on this as well, which was the reason for the thread.

IMO, it's a good default setting. If you know enough about security, you should know how to set up a weak password. If you don't, then it's advised to use a strong one.


Disagreed. In my opinion Ubuntu's way is a good balance. Warns, but leaves the choice.

When I would use weak passwords, you ask? Simple: when testing alpha releases on a virtual machine.
+1

lisati
February 26th, 2010, 10:21 PM
Most routers, by default, don't allow remote management.

In my opinion, that's a good policy. The one I currently use does that, and even has an option for temporary access. I'm not sure of the details (I haven't needed to use it or look into it fully) but think it uses some kind of time limit.

swoll1980
February 26th, 2010, 10:28 PM
In my opinion, that's a good policy. The one I currently use does that, and even has an option for temporary access. I'm not sure of the details (I haven't needed to use it or look into it fully) but think it uses some kind of time limit.

I can't think of any reason I would ever have to configure my home router remotely. A commercial one, sure I can see the value in that, but for home use it seems like a bad idea.

ubunterooster
February 26th, 2010, 10:37 PM
@lisati: w/ most router malware, updates help a little, but the password makes the big diff.

t0p
February 26th, 2010, 10:45 PM
Only thing I wasn't expecting was a personal attack.

Do you think you've been attacked? I didn't get that from the thread.

Maybe you've misunderstood something that someone said. It's easy to misunderstand cold text, when you can't see the other person's face or hear the tone of his voice.

swoll1980
February 26th, 2010, 10:54 PM
Do you think you've been attacked? I didn't get that from the thread.

Maybe you've misunderstood something that someone said. It's easy to misunderstand cold text, when you can't see the other person's face or hear the tone of his voice.

Someone said I was lazy because I didn't feel the need to use a strong password. That's a personal attack.

Post Monkeh
February 26th, 2010, 11:19 PM
i think that there is no point in warning you it's a "bad" password if it still lets you use it. it should stop you setting bad passwords or it should shut up

there's plenty of point. many people just wouldn't know that it's a bad password. an indication of this is good. forcing you to do it even when you know it's not secure but want to do it anyway isn't good.

ubunterooster
February 26th, 2010, 11:30 PM
@ mark and post monkeh: freedom as in ability to do what some consider "stupid", b/c they are so low a target.

NightwishFan
February 26th, 2010, 11:47 PM
I would rather my machine just advise me and not control me.

ubunterooster
February 27th, 2010, 12:24 AM
@Nightwish: exactly!

hobo14
February 27th, 2010, 12:55 AM
Damned if they do, damned if they don't. Remember all the folks yelling how bad MS was for making Windows so insecure where the default does not even ask for passwords?

Now Linux Distros are asking users to set them with some common sense at the beginning and they are called ridiculous.

Complaining for the sake of complaining seems to be the norm these days :rolleyes:

I see a flaw in this logic, you've left out the middle ground: having to set a password without enforced "common sense".



that is sort of the crux of it -- you don't need to be the most secure person on the planet, just more secure than most while having assets (target value) comparable or less than most.

the standard considerations that bad guys make are:

high versus low value target

hard versus soft target


Sarah Palin forgot that when she tried to run for vice president of the united states. she became a high value target that was a soft target, and her e-mail was cracked as a result.

as your fame/fortune/notoriety goes up, so should security measures.... or as an individual or group's dislike for you goes up. the spiteful ex-girl/boyfriend could potentially make you a high value target to them, for example.

Nicely put, IMHO.

swoll1980
February 27th, 2010, 01:02 AM
I see a flaw in this logic, you've left out the middle ground: having to set a password without enforced "common sense".


I pointed this out. It doesn't have to be one extreme, or the other. It's like the speed limit in front of my house is 50 mph. I complain that it isn't safe, so they change it to 2 mph. 25 mph would be nice.

ubunterooster
February 27th, 2010, 02:03 AM
remember the recent _I, Robot_ movie "rules are made to be broken": rules say choose a good password. But as some Greeks said, "It's not what you do that counts, it's what you get caught doing"
Maybe OP never had a GF, only goes to four sites, has a spam filter that blocks anyone not his friend... he doesn't have to worry about passwords; he won't get caught.
As for me, I never had a GF, ONLY went to four sites this week, never even get spam...I don't have to worry about passwords b/c only my family has physical access to the always-locked computer, yet keep very strong passwords anyway.
I could sleep safe w/ a password of "ubunterooster", I have no risk.

MasterNetra
February 27th, 2010, 02:06 AM
+1 facepalm; make psswrds as lowng and confuzingk as possibole

Never use dictionary words and use numbers and symbols mixed together. I usually keep my OS passwords 20+ in length. But that's just me.

ubunterooster
February 27th, 2010, 02:33 AM
Yes, my Master(Netra). Your command is followed.

cammin
February 27th, 2010, 02:45 AM
I want to throw a big "Forget you!" to anybody who decides I can't use an OS password that is too weak. Ubuntu warns you about it during installation, but allows you to use it anyways. While this is annoying, it's still acceptable. Certain distros, Fedora for example, flat out refuse to let you use a password that they deem unacceptable. What were they thinking!? No one has access to my machine, and if they did I wouldn't care anyways. I see no reason for this ridiculous behavior.

http://fedoraproject.org/wiki/Communicate

gletob
February 27th, 2010, 04:08 AM
Forcing you to use a good password is bad because?

Answer

You're being forced to do something.

That alone is enough reason for me.

swoll1980
February 27th, 2010, 04:29 AM
double post

swoll1980
February 27th, 2010, 04:32 AM
http://fedoraproject.org/wiki/Communicate

I don't care about Fedora enough to read a wiki. It's one of my least favorite distros, and when I found out it was the OS used in my class, I wanted to drop bombs on the computer lab. It's always been extremely unstable for me. It has never worked right from the installer to the package management. I once had the installer lock up on me during the partitioning, and it completely borked my whole hard drive. Today when I finished reinstalling it, I tried updating it through the gui, and the package manager got borked. I fixed it through the cli, but what a pain. I don't blame them for this, it's all use at your own risk, but it leaves a bad taste in my mouth.

ciborium
February 27th, 2010, 05:28 AM
Wtf? It does sound like a very silly idea you're right, considering an OS password is about as secure as tying your bicycle to a lamp post with a piece of twine.
It just slows them down slightly.

Are you allowed to use password as your password?

Yes, I use it all the time when I install either another distro or an alpha/beta to test. It sure beats having a new password to remember for two weeks.

Although you can enter anything and just override the nag screen on a clean install, the last time I tried, I couldn't change my password to something less than 8 characters in Ubuntu.

Lunx
February 27th, 2010, 05:43 AM
I did write it down I can't find it. I'm not a very organized person, so this whole force a useless password on me thing is annoying.

Do what I do, write it on a post-it note and stick it on your monitor (only joking, a bit of light-hearted nonsense, so just ignore me :) )

lisati
February 27th, 2010, 05:46 AM
I can't think of any reason I would ever have to configure my home router remotely. A commercial one, sure I can see the value in that, but for home use it seems like a bad idea.

I don't know of a reason either. The best I can come up with is if it's a "freebie" from an ISP and the help desk want to do something like walk a novice user through the settings.

Khakilang
February 27th, 2010, 08:32 AM
Linux doesn't think about whether you need a password or not; the developer doesn't know whether you need a password or not. They're just put there just in case you have some secrets you don't want people to know. It's hard to please everybody. I know I don't have secrets in my computer, but I have seen my client's computer hacked and cracked and some sensitive information stolen. Better to be safe than sorry.

HermanAB
February 27th, 2010, 12:08 PM
Hmm, it is easy to change the password requirements in /etc/pam.d, but don't come yammering here once your computer is zonked. You won't get much sympathy...

Thsyrus
February 27th, 2010, 12:43 PM
A strong password is only one part of a web of security. The others being, vigilance, good firewall setup and potential encryption.


That said there is no excuse for not having a strong password. If you think it is you are doing it wrong. If you are struggling to come up with strong passwords here are some tips:

Use a phrase rather than a word or random characters. For example: theubuntuforumisrad
Building on that, simple punctuation increases security another fold: Theubuntuforumisrad.
Why not develop it a little, spaces, dashes, and extra capitalisation: The Ubuntu-Forum is rad.


That above suggestion is 24 characters. For any viable algorithm this is more than secure and because it is a phrase it is much easier to remember than Doz\998zx.:d[w*

Oh and any site that enforces max passwords (particularly smaller limits) is stupid.
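
The length-versus-complexity comparison in the post above, worked through as an added example (not part of the original post or thread). The function names are hypothetical, and the 7776-word list size is an assumption used only to show how much lower the estimate falls when words, not characters, are the unit being guessed.

```python
import math
import string

# Printable-ASCII classes a character-by-character search must cover.
CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation) | {" "},
}


def charset_bits(password: str) -> float:
    """Upper bound: log2 of the exhaustive search space for this length."""
    pool = sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))
    return len(password) * math.log2(pool) if pool else 0.0


def word_bits(word_count: int, wordlist_size: int = 7776) -> float:
    """Bits if each word were drawn at random from a list of this size.

    wordlist_size is an assumption (a Diceware-sized list). A phrase a
    person makes up is less random than this, so treat it as a ceiling.
    """
    return word_count * math.log2(wordlist_size)


def compare(samples):
    """Return (password, length, charset bits) rows, strongest first."""
    rows = [(p, len(p), round(charset_bits(p), 1)) for p in samples]
    return sorted(rows, key=lambda r: r[2], reverse=True)


# The four strings quoted in the post above.
POST_SAMPLES = [
    "theubuntuforumisrad",
    "Theubuntuforumisrad.",
    "The Ubuntu-Forum is rad.",
    "Doz\\998zx.:d[w*",
]

if __name__ == "__main__":
    for pw, length, bits in compare(POST_SAMPLES):
        print(f"{bits:6.1f} bits  len={length:2d}  {pw!r}")
    print(f"{word_bits(5):6.1f} bits  5 random words from a 7776-word list")
```

By character count the 24-character phrase comes out ahead of the 15-character random string, but the per-word figure shows why a policy checker should not score a phrase of common words by its length alone.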

HermanAB
February 27th, 2010, 02:43 PM
You're being forced to do something.

That alone is enough reason for me.

Nobody is forcing you to do anything. Modify PAM yourself the way you want it to be and good luck with the result.

Some people only learn the hard way...
;)

Toaster Box
February 27th, 2010, 02:52 PM
Well if you are sure about using a password not very safe okay.....
But if someone got in your computer ...... you have been warned.

Berk
February 27th, 2010, 02:57 PM
Well if you are sure about using a password not very safe okay.....
But if someone got in your computer ...... you have been warned.

Have you even read the thread? The OP has already stated their stance on what you just mentioned.

koleoptero
February 27th, 2010, 05:19 PM
Some ppl seem to be taking things too seriously... :rolleyes:

earthpigg
February 27th, 2010, 09:14 PM
I don't care about Fedora enough to read a wiki. It's one of my least favorite distros, and when I found out it was the OS used in my class, I wanted to drop bombs on the computer lab.

it probably makes a great deal of sense for students to learn Fedora, actually... Fedora today is what RHEL/CentOS will be a few years from now, after the students graduate.

i would also venture to guess a RHEL cert is more valuable than something generic like a comptia linux plus cert....