Enforcing password complexity for private keys

Phillip Susi phill at thesusis.net
Tue Apr 30 20:11:54 CEST 2019

David Milet writes:

> To answer suggestions in other replies, our developers are savvy enough, and we do have recurring training in place to stress the importance of good passwords. But we know also that some developers will choose the weakest password the system allows, making them the weakest link.

And some will just write down the password on a sticky note stuck to
their monitor.  The more annoying you make password requirements, the
more likely this becomes.

Don't smartcards have a built-in lockout policy that makes it impossible
to brute-force the password anyhow?  Given that, password complexity is
a moot point.

