[openstack-dev] [openstack][keystone] Is the user password too simple?
Thomas Goirand
zigo at debian.org
Mon Dec 30 15:15:06 UTC 2013
On 12/30/2013 02:55 PM, li-zheming wrote:
> hi all:
> When creating a user, you can set the user's password. You can set the password
> as a simple word 'a'. The
> password is too simple, but it is not limited. If someone wants to steal your
> password, it is so easy (such as by exhaustion).
> I consider that it must be limited when setting the password, like this:
> 1. include upper and lower letters
> 2. include nums
> 3. include a particular symbol, such as '_', '&'
> 4. the length>8
> The administrator can set the password rule.
Hi,
If you want to check for password complexity, do it the correct way. I'm
used to *always* using a password generator that uses only lower case, and
removes chars that can be confused with one another, so that you don't
have l and 1, or O and 0 in my passwords. Yet, they are high entropy and
long. If you just force me to add upper+lower case and add symbols, then
you are just annoying me even with my very good passwords.
> I want to provide a BP about this issue. Can you give me some advice
> or ideas??
Please use a password entropy function. Something like this:
https://pypi.python.org/pypi/cracklib
Thomas
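
The disagreement in this thread, as an added example that is not part of either message and is not Keystone or cracklib code: it checks a generated lower-case password against the four proposed rules and compares its entropy with the best case for the shortest password those rules accept. The 20-character length, the choice to drop `l` and `o`, the use of `string.punctuation` as the symbol set, and the sample `Password_1` are assumptions.

```python
import math
import secrets
import string

# Lower-case only, minus letters easily confused with digits (assumption: l, o).
ALPHABET = "".join(c for c in string.ascii_lowercase if c not in "lo")


def generate(length=20):
    """Password drawn uniformly from ALPHABET using the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def generator_entropy_bits(length=20, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def passes_composition_rule(pw):
    """The four rules from the quoted proposal (symbol set is an assumption)."""
    return (any(c.isupper() for c in pw) and any(c.islower() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(c in string.punctuation for c in pw)
            and len(pw) > 8)


def rule_ceiling_bits(length=9):
    """Best case for the shortest rule-compliant password: every character
    uniform over upper + lower + digits + symbols. Human-chosen passwords
    fall well below this ceiling."""
    pool = 26 + 26 + 10 + len(string.punctuation)
    return length * math.log2(pool)


if __name__ == "__main__":
    pw = generate()
    print("generated password passes rule:", passes_composition_rule(pw))
    print("generated entropy (bits): %.1f" % generator_entropy_bits())
    # Constructed sample: a common word with predictable decoration.
    print("'Password_1' passes rule:", passes_composition_rule("Password_1"))
    print("9-char rule ceiling (bits): %.1f" % rule_ceiling_bits())
```
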