Linux Mint updates password policy after getting hacked and failing its users
Linux Mint is a good operating system. The problem, however, is that it really doesn't need to exist. Mint is based on Ubuntu, which is a wonderful OS on its own. Ultimately, the biggest reason for Mint's existence is the Cinnamon desktop environment, and that is certainly no reason for an entirely new OS. One of the things keeping Linux behind on the desktop is the sheer number of unnecessary distributions, such as Mint, but I digress.
When Linux Mint's forums and ISOs were compromised, many of its users felt betrayed. After all, Linux is supposed to be safe and secure -- this hack was a major blemish on the community overall. Of course, this is unfair -- the kernel was not hacked, only Mint's servers. Today, in response to the hack, Mint is changing password policies.
"In reaction to the recent attacks on Linux Mint, many measures were taken to reduce the risk of future intrusions, but we also worked on the eventuality of being hacked again. In particular, additional measures were taken to detect issues faster, to reduce their impact and to recover from them more efficiently. Today, we're implementing a final set of measures aimed at lowering the value of the information stored on our servers", says Clement Lefebvre, Linux Mint.
Lefebvre shares the following changes being made.
- The forums now only accept passwords containing at least 10 characters and which include symbols, digits and mixed-case characters.
- The community website no longer accepts custom passwords (i.e. passwords can be generated/reset, but not set by users).
These changes make sense, as they essentially protect users from themselves. In the forums, the new rule minimizes the possibility that members will use the same password that they use elsewhere, but that isn't a guarantee. The community change should be more effective, however, as users cannot even set a custom password!
While I applaud Linux Mint for making positive changes -- even if they are reactive rather than proactive -- they don't protect against phishing or keyloggers. Even hardcore passwords with special characters and varying cases can be stolen. I would like to see two-factor authentication implemented as well. Hopefully that comes in the future.
Has Linux Mint won back your trust, or are you still hurting from the hack? Tell me in the comments.