I have to agree with you here, Raffaele. While it's nice to talk
about users and 20 character random keys, the fact of the matter is,
they aren't used by the vast majority of users. In many cases, even
those who *should* know better don't do it.
Sure, you could require a 20 character random key on your site - but
you won't get many people to sign up. Rather than try to remember
such a password, most people will just move on.
There are other tools too, for example pam-abl [0], which imho makes a
brute force almost useless unless there is a distributed brute force...
http://sourceforge.net/projects/pam-abl/
Regards,
Alex
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/52ec0e77.2070...@biotec.tu-dresden.de
