Bug 357837 - Enforce stronger bugzilla passwords
Status: RESOLVED FIXED
Product: Community
Classification: Eclipse Foundation
Component: Bugzilla
Version: unspecified
Hardware: All
OS: All
Importance: P3 enhancement
Target Milestone: ---
Assignee: Eclipse Webmaster CLA
Reported: 2011-09-15 12:48 EDT by Martin Oberhuber CLA
Modified: 2017-11-28 16:33 EST
Description Martin Oberhuber CLA 2011-09-15 12:48:24 EDT
With the bugzilla credentials being used for more and more services at Eclipse.org, the recent security discussion reminded me that it may make sense to enforce stronger passwords.

While bugzilla was just a bugtracker with a self-service system for credentials, it is now being used for much more:

Bugzilla credentials are linked to at least the Wiki, the Portal (linked to committer access for some things like voting), Friends of Eclipse benefits, and maybe more.

See also http://wiki.eclipse.org/Architecture_Council/Meetings/September_15_2011

Comments and thoughts welcome.
Comment 1 Krzysztof Daniel CLA 2011-09-16 01:48:10 EDT
Make it just longer. Explanation here: http://xkcd.com/936/
Comment 2 Denis Roy CLA 2011-09-16 08:58:59 EDT
+1 on long, easy passwords (or passphrases, if you will).
Comment 3 Bouchet Stéphane CLA 2011-09-16 09:16:11 EDT
Could you provide an easy password strength checker next to the password box? This should warn people that their password does not meet the requirements for strong passwords.
Comment 4 Denis Roy CLA 2012-01-12 15:41:38 EST
FWIW, when the authentication was changed from Bugzilla to LDAP over the XMas holidays, I *was* enforcing stronger passwords.  Nothing (IMO) overly complex -- min. 8 characters, 1 uppercase, one number, 1 non-alpha.

Wow, did that ever upset a bunch of people.  Here's an example:
http://bewarethepenguin.blogspot.com/2011/12/silly-password-requirements.html

The requirements have since been relaxed. People do have the option of entering long passwords... Not many do.

Closing WONTFIX.  I tried, it failed.
Comment 5 Martin Oberhuber CLA 2012-01-13 10:21:49 EST
FWIW this request was less about bugzilla and more about additional services (i.e. committer-only services) linked to the same account. Stuff like the Portal, for instance.

Since LDAP is used now, the request would be that committer passwords must satisfy certain criteria (I don't care about bugzilla-only users). The criteria that you mentioned seem reasonable ... stronger than most sites require, but still reasonable and pretty widely used.

What's key IMO is that the password requirements are very clearly announced AT THE POINT where I need to choose or modify a password. Which in case of committer passwords would be the committertools / password change form, I guess.

If a committer really argues about your criteria being too strong for committer access, I'd like to talk to him. Having our source repos compromised by unauthenticated access is a threat that I don't want to risk.
Comment 6 Denis Roy CLA 2012-01-13 10:24:10 EST
Understood and agreed.  Let's reopen this and apply different reset rules.  We have the technology to differentiate between user and committer.
Comment 7 Martin Oberhuber CLA 2012-01-13 10:27:21 EST
Thanks Denis.

Perhaps the bugzilla change password form should say "You're an Eclipse committer, and bugzilla uses your committer password. Please use <a href="http://portal.eclipse.org">the portal</a> to change your committer password."
Comment 8 John Arthorne CLA 2012-01-13 11:19:58 EST
I think I'm somewhere in between on this. It seems after three attempts you are locked out for some period, so an intruder does not get many chances to guess anyway. I would be in favour of some minimum standard but nothing too complex. IBM tends to be pretty strict about this stuff and on none of the systems here do I have a rule like one upper, one number, AND one symbol. This just feels like a recipe for easily forgetting your password ;) I think something like a minimum of eight characters and at least two non alpha characters is enough (numbers OR symbols). Not allowing a dictionary word would be another great check. Just my $0.02.
Comment 9 Martin Oberhuber CLA 2012-01-13 15:48:19 EST
Some tools (e.g. KeePass Password Safe) compute password strength on the fly and show it in a gauge that changes from red to green as you type and make your password more complex. I think I've once seen this on an online site as well, but can't remember where.

I like the visual feedback about strength... might be more acceptable than some fixed rules. E.g. some people like long ASCII-only passphrases while others prefer shorter ones but with many non-alpha variations.

Perhaps there's a pre-canned password strength checker available as a Javascript component somewhere?
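The two fixed rule sets proposed in comments 4 and 8, next to the on-the-fly strength estimate comment 9 asks about, as an added JavaScript example (not Eclipse Foundation code; the entropy model, its red/amber/green thresholds and the tiny word list are constructed assumptions):

```javascript
// Added example, not Eclipse Foundation code: the password rules discussed
// in this bug, plus a rough entropy estimate for a red/amber/green gauge.

// Comment 4's rule: min. 8 characters, 1 uppercase, 1 number, 1 non-alpha.
function meetsStrictPolicy(pw) {
  return pw.length >= 8 && /[A-Z]/.test(pw) && /[0-9]/.test(pw) && /[^A-Za-z]/.test(pw);
}

// Constructed sample word list standing in for a real dictionary (assumption).
const DICTIONARY = new Set(['password', 'eclipse', 'bugzilla', 'committer']);

// Comment 8's rule: min. 8 characters, at least two non-alpha characters
// (numbers OR symbols), and not a dictionary word with digits/symbols tacked on.
function meetsRelaxedPolicy(pw) {
  const nonAlpha = (pw.match(/[^A-Za-z]/g) || []).length;
  const letters = pw.toLowerCase().replace(/[^a-z]/g, '');
  return pw.length >= 8 && nonAlpha >= 2 && !DICTIONARY.has(letters);
}

// Comment 9's gauge: estimate bits of entropy as length * log2(alphabet size),
// where the alphabet is the union of character classes actually used. A long
// lowercase passphrase and a short mixed password can both score well.
function estimateBits(pw) {
  let alphabet = 0;
  if (/[a-z]/.test(pw)) alphabet += 26;
  if (/[A-Z]/.test(pw)) alphabet += 26;
  if (/[0-9]/.test(pw)) alphabet += 10;
  if (/[^A-Za-z0-9]/.test(pw)) alphabet += 33; // printable ASCII symbols
  return alphabet === 0 ? 0 : pw.length * Math.log2(alphabet);
}

// Gauge thresholds are an assumption for illustration, not from the bug.
function gauge(pw) {
  const bits = estimateBits(pw);
  if (bits < 36) return 'red';
  if (bits < 60) return 'amber';
  return 'green';
}

// Everything a form would need to show next to the password box.
function evaluatePassword(pw) {
  return {
    strict: meetsStrictPolicy(pw),
    relaxed: meetsRelaxedPolicy(pw),
    bits: Math.round(estimateBits(pw)),
    gauge: gauge(pw),
  };
}

// Usage: the xkcd-style passphrase from comment 1 fails both fixed rule sets
// but rates green on the gauge, which is the tension comment 9 describes.
console.log(evaluatePassword('correcthorsebatterystaple'));
```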
Comment 10 John Arthorne CLA 2012-03-12 12:45:55 EDT
It looks like new restrictions have been introduced recently. See bug 372846.
Comment 11 Denis Roy CLA 2017-11-28 16:33:04 EST
We've fixed this on accounts.eclipse.org