Bug 163072 - Password strength meter too high for short passwords
Summary: Password strength meter too high for short passwords
Status: RESOLVED WORKSFORME
Alias: None
Product: kdelibs
Classification: Frameworks and Libraries
Component: kwallet
Version: unspecified
Platform: Ubuntu Linux
Importance: NOR wishlist
Target Milestone: ---
Assignee: Unassigned bugs mailing-list
Reported: 2008-06-02 16:11 UTC by dionisus torimens
Modified: 2008-06-06 06:13 UTC

Description dionisus torimens 2008-06-02 16:11:35 UTC
Version:            (using KDE 4.0.4)
Installed from:    Ubuntu Packages
OS:                Linux

I can get an almost full strength bar with 5 characters and a full one with 6, even with the last two being equal numbers.

This gives a false sense of security.

Most experts agree that passwords should have at least 8 characters to be secure:
http://en.wikipedia.org/wiki/Password_strength#Guidelines_for_strong_passwords ("12 to 14")
http://www.redhat.com/docs/manuals/linux/RHL-8.0-Manual/security-guide/s1-wstation-pass.html ("at least 8")
http://www.itd.umich.edu/itcsdocs/r1162/#guide ("at least 9")
http://news.bbc.co.uk/2/hi/science/nature/2061780.stm ("at least 8")
http://www.securityfocus.com/infocus/1537 (6-9)
http://www.microsoft.com/protect/yourself/password/create.mspx (8 or more, recommend 14 or more)
Comment 1 dionisus torimens 2008-06-06 06:13:36 UTC
Bug mostly fixed in KDE 4.1 beta1 AMD64 (Ubuntu).