Hi.

The new .au system is obviously working very well judging by the lack of 
traffic on this list. This is good.

Not sure if domain password strengths have been discussed before.

I belive the current domain system requires 6+ characters with at least one 
letter/number. It is debatable if 6 characters passwords are strong enough, 
but 4 digits passwords are certainly not. And there are a lot of A0XXXX 
passwords out there. Such a password can be casually cracked with half a 
dozen distributed web clients in under 2 hours, and a lot faster if network 
abuse is of no concern.

Are there any mechanisms from the registry/registrars to lock down domains 
with excessive password failures? A password can obviously be probed in 
different places (management login, transfer request, etc).


Kind regards,

Lucian Kafka
www.conexim.com.au