It's easier and better to enforce password policies for all users, and not depending on group. Such information may impact a large number of users should it become publicly known. Not all users have access to this information, but some do. Remember that the bug tracker may contain information pertaining to 0-days in the software, or other serious security bugs. Storing sensitive data locally and have good backup solution seems much safer for the occasional hacking attempt from a jealous partner or someone trying to commit credit card fraud (if some state sponsored agency targets me specifically I am screwed anyway, either by using a secret subpoena, technically circumvent my protection or simply threat me with a big enough stick). Even if CIA/NSA or similar might not target me specifically, they most likely might target someone else using the same service and if they manage to break it, all my secrets come as a free bonus for them. That type of single-point-of-failure is, IMHO, problematic. So my question is: are there any objective reasons for such a complex password for something like BMO? What is the worst thing that can happen if someone cracks an outside users password there?įinally some personal remarks about this issue: personally I am not too found of the thought of a password manager in the cloud (which is was BMO recommends).
My current password is 9 characters, contains upper- and lowercase letter, numbers as well as special characters.
#BUGZILLA ACCOUNT UPDATE#
I decided to not update my password, and, as a consequence, stop using their service/provide BMO with bug reports, because the password they require won't be easy to memorise and I think this is unnecessary complex for a bug reporting service. Lowercase letters, uppercase letters, numbers, and other symbols Must contain a mixture of letters and symbols, containing characters from 3 out of the following 4 character classes: Must be a passphrase of at least four words Must not contain parts of your email address, or your real name must be at least 12 characters in length Now they want me to create a new password meeting certain requirements, listed here I just tried to add some details to a bug I have reported at (BMO) but wasn't let in because my password had been nullified.
0 kommentar(er)
