December 6, 2016

The Fedora Project Asks Users to Change Their Passwords to Preempt Hacking Attempts

(LiveHacking.Com) – There has been a large number of high profile open source sites which have suffered security breaches in recent months (including The Linux Foundation and kernel.org). The latest of these happened just a few days ago when hackers used phpMyAdmin to access the WineHQ project’s database and steal users’ appdb and bugzilla access credentials.

In a preemptive move, the Fedora Project is asking all existing users of the Fedora Account System (FAS) to change their password and upload a NEW ssh public key before 2011-11-30.

The project is also using the opportunity to enforce some new password rules to make them harder to guess:

  • Nine or more characters with lower and upper case letters, digits and punctuation marks.
  • Ten or more characters with lower and upper case letters and digits.
  • Twelve or more characters with lower case letters and digits
  • Twenty or more characters with all lower case letters.

Finally the project administrators are warning that any user who fails to update their password may have their account marked as inactive.