[CentOS] Fedora change that will probably affect RHEL

Thu Jul 30 15:54:44 UTC 2015
Valeri Galtsev <galtsev at kicp.uchicago.edu>

On Wed, July 29, 2015 4:16 pm, Chris Murphy wrote:
> On Wed, Jul 29, 2015 at 2:15 PM, Warren Young <wyml at etr-usa.com> wrote:
>> Just because one particular method of prophylaxis fails to protect
>> against all threats doesn’t mean we should stop using it, or increase
>> its strength.
> Actually it does. There is no more obvious head butting than with
> strong passwords vs usability. Strong login passwords and usability
> are diametrically opposed.
> The rate of brute force attack success is exceeding that of human
> ability (and interest) to remember ever longer more complex passwords.
> I just fired my ISP because of the asininity of setting a 180
> compulsory expiration on passwords.
> Now I use Google. They offer MFA opt in. And now I'm more secure than
> I was with the myopic ISP.

"More secure" only to the level one can trust Google ;-)

Just my $0.02


> Apple and Microsoft (and likely others) have been working to deprecate
> login passwords for years - obviously they're not ready to flip the
> switch over yet, it isn't an easy problem to solve, but part of why
> they haven't had more urgency is because they are doing a lot of work
> on peripheral defenses that obviate, to pretty good degree, the need
> for strong passwords, relegating the login password to something like
> "big sky theory"  - it's safe enough to tolerate very weak passwords
> in most use cases. The highest risk, by a lot, is from a family
> member.
> I'm not arguing directly against strong passwords as much as I'm
> arguing against already unacceptable usability problems resulting from
> stronger password policies, because it doesn't scale. Making policies
> opt out let alone compulsory is unacceptable.  Even as the policies
> get stronger people's trust in password efficacy relating to security
> continues to diminish.
> --
> Chris Murphy

Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247