Hi Johan, > His point in short: passwords are not all that important any more. > All virus spreading and hacking these days is done by sending malicous mails and by visiting malicious sites. <polemical-mode>If your brother in law doesn't see that the virus argument doesn't apply to the question of whether or not to choose strong passwords maybe he shouldn't be a software developer in the first place.</polemical-mode> Strong passwords don't protect against viruses, phishing etc. pp., that is true. But having weak passwords opens a plethora of other attack vectors beside that, and as for instance the iTunes hack shows there *are* real-world scenarios where passwords are attacked successfully. Just put an ssh server on a public IP and wait for a day, and you'll see how many. Regarding the original issue, I don't see where requiring users to enter strong(ish) passwords in the GUI installer at installation time could do any harm except a minor inconvenience for some people. Kickstart is not affected, so automated installs won't break, and on the other hand the use of weak passwords may be reduced a bit by the change. I'm all for it. Cheers, Peter. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 204 bytes Desc: Message signed with OpenPGP using GPGMail URL: <http://lists.centos.org/pipermail/centos/attachments/20150131/fb07c8cd/attachment-0003.sig>