Masami Ichikawa wrote: > +Template: passwd/chkpasswdstrength > +Type: boolean > +Default: true > +_Description: : Reject weak passwords? > + Please choose whether you want the entered passwords strength to be > + checked and passwords found as 'weak' to be rejected.
I'd suggest turning this around. Don't first ask whether to check passwords. Just check them. If the password is weak, prompt y/n whether to accept the weak password. The benefits are: a. It's easier to decide whether a weak password should be accepted once you've actually entered it. It could even indicate what's wrong with the password in its message. b. This avoids the extra question "most" of the time, assuming people often enter a strong password. c. This should be reasonably non-annoying for testers, who tend to use weak passwords. Also, it seems to me that it would be much better to use the existing cracklib stuff for password strength checking rather than re-implementing that. If it could be made into a small enough udeb.. -- see shy jo
signature.asc
Description: Digital signature
