Enable Calamares Password Strength Indication (libpwquality)

Recently installed XFCE and Gnome versions and noticed that Calamares accepts ‘123’ as a password for full-disk-encryption, main user, and root passwords.

Would it be possible to configure libpwquality with some sane password requirements? If we don’t want to impose stronger passwords, we should at least indicate the password strength, so the user is influenced to make better choices.

Starting point: calamares/users.conf at calamares · calamares/calamares · GitHub

But you would not use that password on a real install, right? Neither do I, and many others will choose a strong password.

Before, even an empty password was allowed, but not anymore, as many things failed to work properly due to that. Enforcing passwords that meet some parameters means that all who do VBox installs, or use whatever virtualization software, for quick testing purposes will have to type sane passwords all the time, instead of just a very simple one, for convenience.

What requirements should a password have?

▪ Contain both upper- and lowercase characters (e.g., a–z, A–Z).
▪ Have digits, punctuation characters, and letters (e.g., 0–9, !@#$%^&*()_+|~-=’{}[]:”;’<>?,./).
▪ Are at least eight alphanumeric characters long, but twenty is safer …
▪ Not a word in any language, slang, dialect, jargon, etc.
▪ Are not based on personal information, names of family, etc.

So, there would also have to be some sort of password validator, with messages for each failure of the password to meet those requirements.

In the case of libpwquality, those who go by generating random passwords with good pronounceability will probably fail, in a few days, to remember that password. Then what? Password hint?

Then it begs the question, to be even safer than that, what is next:
▪ Set a minimum password age?
▪ Do not use the same password for root and make sure that option is not available?
▪ Make sure the users will not write their passwords down on paper and store them anywhere in their office, phone, other devices?

Many users are barely persuaded to read the wiki when we point them to it, and many, for convenience, will use a simple password 😅

2 Likes

Please don’t do this.

I am testing changes in a VM, I want to have simple fast passwords. Anyone who uses simple passwords in real systems is stup1d. The cause of the problem is different.

Put a note in the installer.

4 Likes

Thank you for all the good reasoning against setting password requirements that force the user to use strong passwords. I fully agree.

I was asking to set password requirements in the config, so that Calamares can indicate (not enforce) the strength of the entered password. So it can help the user to come up with a strong password.

1 Like
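
For reference, an added illustration that is not part of the thread and not the distribution's shipped configuration: a `users.conf` fragment for the Calamares users module that turns on libpwquality checks for the user and root passwords while leaving the installing user a way to switch them off. The values `minlen=8` and `minclass=3` are assumptions taken from the requirements listed in the thread, and the `libpwquality` entries only take effect when Calamares is built with libpwquality support.

```yaml
# users.conf (Calamares users module) -- added example, values are assumptions
passwordRequirements:
    nonempty: true        # empty passwords stay rejected
    minLength: -1         # -1 = no separate Calamares-side length limit
    maxLength: -1
    libpwquality:         # each entry is a libpwquality option string
        - minlen=8        # minimum acceptable length
        - minclass=3      # at least 3 of: uppercase, lowercase, digit, other
        - dictcheck=1     # reject passwords based on dictionary words (cracklib)

# Show the "strong passwords" checkbox so the user can disable the checks,
# e.g. for throwaway VM installs.
allowWeakPasswords: true
# false = the checkbox starts checked, so the checks apply by default.
allowWeakPasswordsDefault: false
```

With this in place a password that fails a check produces a message next to the password field, and unticking the checkbox lets a tester proceed with a simple password anyway.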