Partner links

Anaconda on root and user account password strengths: Why so strict?

Anaconda password strength enforcement

So the third alpha release of what will become Fedora 22 has been released and I’ve managed to download ISO installation images of the main edition, which uses the GNOME 3 desktop, KDE and the Netinstall.

From those installation images, I’ve installed Fedora 22 alpha (GNOME 3), Fedora 22 KDE alpha, and Fedora 22 Cinnamon in virtual environments on my test desktop computer, which just happens to be running Fedora 21 KDE.

So far, I have nothing out of the ordinary to report with respect to the desktops themselves, but I do have a comment about Anaconda, the Fedora system installer.

No, it’s not about all the UX design snafus that Anaconda is known for, but something different. And that something different is password strength enforcement. If you have installed one of the latest alpha releases, I’m sure you know what I’m talking about. If not, here’s what happens when you’re creating a user account and specifying a password for the root account.

Anaconda will not accept a password that’s less than seven characters. And no, a password that’s the same as the username, even if it’s more than seven characters, will not fly. If it contains the username in some form, that won’t fly too. In fact, if it’s deemed weak, Anaconda will not let you go past that step.

And that’s the problem: The definition of weak is too strict. So strict that even a password I use for online banking failed the test. And that’s an alphanumeric password with upper and lowercase letters. I can understand a very strict password enforcement for an online account, but for a desktop, yes, let’s be strict, but leave room for when you don’t really need to be paranoid.

Anybody from Fedora listening?

The image below shows the user setup step during the installation and some of the password strength test fail messages.
Anaconda password strength enforcement

Share:

Facebook
Twitter
Pinterest
LinkedIn

Partner links

Newsletter: Subscribe for updates

Subscribe
Notify of
guest
5 Comments
Inline Feedbacks
View all comments
Henry
Henry
9 years ago

Just hoping Fedora team(s) will read this article.
=)

Davide Repetto
9 years ago

Just click on the button twice and anaconda will oblige, weakness of the password not withstanding. 🙂

Get the latest

On social media

Security distros

Hacker
Linux distros for hacking and pentesting

Crypto mining OS

Bitcoin
Distros for mining bitcoin and other cryptocurrencies

Crypto hardware

MSI GeForce GTX 1070
Installing Nvidia GTX 1070 GPU drivers on Ubuntu

Disk guide

LVM
Beginner's guide to disks & disk partitions in Linux

Bash guide

Bash shell terminal
How to set the PATH variable in Bash
Categories
Archives
5
0
Hya, what do you think? Please comment.x
()
x