[CentOS] Another Fedora decision

Tue Feb 3 00:32:15 UTC 2015
Warren Young <wyml at etr-usa.com>

> On Feb 2, 2015, at 4:26 PM, Les Mikesell <lesmikesell at gmail.com> wrote:
> 
> On Mon, Feb 2, 2015 at 4:17 PM, Warren Young <wyml at etr-usa.com> wrote:
>>> 
>> Let’s flip it around: what’s your justification *for* weak passwords?
>> 
> You don't need to write them down.

The new rules are:

1. At least 8 characters.

2. Nothing that violates the pwquality rules: 

    http://linux.die.net/man/8/pam_pwquality

Are you telling me you cannot memorize a series of 8 characters that do not violate those rules?

I’m the first to fight boneheaded “password security” schemes like a required change every N weeks, but this is not that.  Spend a bit of time, cook up a really good password, and then use it for the next several years.  That amortizes the cost of memorization to near-zero, greatly reducing the drive to write it down in an insecure place.

> Or trust some 3rd party password
> keeper to keep them.
That doesn’t really apply here.  Any password you have to type into a GUI is going to have to be something you can memorize.  Password managers are for things you access *after* you are logged in.

(Another gripe of mine: this recent trend toward using some “cloud” login as your OS login.  Apple, Microsoft, and Google are now all doing this!  This perforce requires me to weaken a password with a cloud-sized attack surface (i.e. frackin’ huge) to the point that I can memorize it.  Before this change, I was using huge random passwords and 2FA.  That doesn’t work any more in a world where the OS now requires my cloud password every time it wants elevated privileges.)

> Whereas when 'not weak' is determined by
> someone else in the middle of trying to complete something, you are
> very likely to have to write it down.

Presumably you have already worked out a good password, and memorized it.

This change is not going to enforce uniqueness per server.

(Though, if this server will be used via SSH, it might be a good idea to do that anyway.  SSH keys — optionally with passphrases — are more secure than even quite a long human-memorizable password.  Disable password auth and use keys.)
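The pwquality length-credit rules referenced above, as an added example that is not part of the original thread: a simplified Python re-implementation of the minlen/credit, minclass and maxrepeat semantics described in the linked pam_pwquality(8) man page (not libpwquality's own code; its dictionary, palindrome and old-password similarity checks are left out, and the option defaults are the ones the man page lists).

```python
import re

# Simplified re-implementation of the pam_pwquality(8) length/credit rules
# (an added illustration, not libpwquality's own code).  Option defaults are
# the ones listed in the linked man page; the dictionary, palindrome and
# old-password similarity checks of the real module are not reproduced.
DEFAULTS = {"minlen": 9, "dcredit": 1, "ucredit": 1, "lcredit": 1,
            "ocredit": 1, "minclass": 0, "maxrepeat": 0}

# Character classes, keyed by the credit option that refers to each of them.
CLASSES = {
    "dcredit": lambda c: c.isdigit(),
    "ucredit": lambda c: c.isupper(),
    "lcredit": lambda c: c.islower(),
    "ocredit": lambda c: not c.isalnum(),
}


def check_password(pw, **opts):
    """Return the list of rule violations; an empty list means the password passes."""
    cfg = {**DEFAULTS, **opts}
    problems = []

    # Length score: every character counts 1; a class with credit N >= 0 adds
    # up to N extra points, while credit N < 0 is instead a hard requirement
    # for at least -N characters of that class.
    score = len(pw)
    for name, pred in CLASSES.items():
        count = sum(1 for c in pw if pred(c))
        credit = cfg[name]
        if credit >= 0:
            score += min(count, credit)
        elif count < -credit:
            problems.append(f"{name}: needs at least {-credit}, has {count}")
    if score < cfg["minlen"]:
        problems.append(f"minlen: length score {score} is below {cfg['minlen']}")

    # minclass: number of distinct character classes that must be present.
    present = sum(1 for pred in CLASSES.values() if any(pred(c) for c in pw))
    if present < cfg["minclass"]:
        problems.append(f"minclass: {present} classes present, {cfg['minclass']} required")

    # maxrepeat: longest allowed run of one character (0 disables the check).
    if cfg["maxrepeat"] and re.search(r"(.)\1{%d,}" % cfg["maxrepeat"], pw):
        problems.append(f"maxrepeat: more than {cfg['maxrepeat']} identical characters in a row")

    return problems


if __name__ == "__main__":
    # Constructed sample passwords checked against the thread's 8-character rule.
    for pw in ["Tr0ub4dor&3", "abc", "aaaaaaaaaa", "password"]:
        print(repr(pw), check_password(pw, minlen=8, maxrepeat=3, minclass=2) or "ok")
```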