Short, concise description of the idea
The password complexity system should be updated to standard
Full description of the idea
Password complexity should be rated on a weighting system, giving extra points to special characters, numerals, etcetera.
Thus you could have a sufficiently complex password EITHER with fewer special characters, or more standard characters. Weighting should also happen based on non-repitition or reversal of characters. Thus a twenty-three random character password would not constantly be noted as 'insecure'.
- No false positives on 'insecure password' notices
- Better determining of password use
- Higher security (via encouraged secure passwords)
An ordered list of problems/issues involved
- More complex password checking
- Possible processing overhead
- Time to implement
An organized list, or a few short paragraphs detailing suggestions for implementation
- Algorithm mentioned is currently capable of being applied by current POSIX/UNIX PAM authentication