
Re: [Freeipa-devel] [PATCH] confirm password



Karl MacMillan wrote:
> On Thu, 2007-09-06 at 14:27 -0700, Kevin McCarthy wrote:
>> After some feedback from Bob and Pete, I'm removing the password
>> generator and adding a confirm password field.  (Just commented out for
>> now in case people change their mind)
>
> What was the rationale for this?

Generating passwords requires that the password be communicated to the admin in the clear, which introduces shoulder surfers and screen scrapers to the threat model. In addition, the password is not likely to be memorable enough to not be written down somewhere, and so is further exposed to risk of compromise.

--
Pete


