On Jul 25, 2015, at 6:22 PM, Bob Marcan wrote: > > 1FuckingPrettyRose > "Sorry, you must use no fewer than 20 total characters." > 1FuckingPrettyRoseShovedUpYourAssIfYouDon'tGiveMeAccessRightFuckingNow! > "Sorry, you cannot use punctuation." > 1FuckingPrettyRoseShovedUpYourAssIfYouDontGiveMeAccessRightFuckingNow > "Sorry, that password is already in use.” The new rules are nowhere near that stringent: http://manpages.ubuntu.com/manpages/trusty/man8/pam_pwquality.8.html > Who thinks the password policy in my machines are my concern. Much of the evil on the Internet today — DDoS armies, spam spewers, phishing botnets — is done on pnwed hardware, much of which was compromised by previous botnets banging on weak SSH passwords. Your freedom to use any password you like stops at the point where exercising that freedom creates a risk to other people’s machines. In the previous thread on this topic, 6 months ago, I likened reasonable password strength minima to state-mandated vaccination. Previously-defeated diseases have started to reappear as the antivax movement has gained momentum. Polio came back in Pakistan, measles in California, and whooping cough in Australia, all within the last year or two. https://en.wikipedia.org/wiki/Vaccine_controversies So no, your local password quality policy is not purely your own concern.