GitLab

Originally created by @huertanix on #15027 (Redmine)

Most trainings I’ve helped with around Tails have surfaced the need for prerequisite training on credential security and how to choose a strong passphrase for persistent volumes. Most of the time, however, that in-person training is not possible, and users resort to using weak passwords, or passwords that they are convinced are strong because of the late-90s era password rules on website accounts that tell them they are choosing strong passwords but really are not.

Rather than rely on the long history of users choosing weak passwords, it would be great to include a passphrase strength meter when users are choosing an persistence passphrase. A lot of research has been done in this field and some researchers at CMU has released some of it here: https://engineering.cmu.edu/news-events/news/2017/05/11-password-meter.html including source code: https://github.com/cupslab/password_meter. Implementing something like this would help people choose strong passphrases to make their strong encryption worthwhile.

Note: A user can still change their strong passphrase to a weak one using the Disks utility after creating the partition in case if there’s some edge case that requires a weak password.

Related issues

• Is duplicate of #7002