Allow creating low-privilege user accounts with cheap (or without) passwords
Gnome-control-center (and GDM if you set the password there) don't allow creating a user with a password that doesn't match certain security criteria. While preventing scripts from escalating their privileges by executing brute force attacks on other user accounts, this also prevents some use cases which are legitimate IMHO.
There are use cases for cheap (or even empty) passwords no one can deny: examples are throw-away accounts for guest users, or for testing purposes.
For example, today I hosted a one-day internship for girls interested in IT. One of them forgot her laptop, I lend her mine. I wanted to quickly create a throw-away account for her, but I couldn't without engineering a password so complex that none of us would remember, so I gave up and let her mess with my browser tabs and gnome-text-editor tabs in my user account.
If I don't miss something significant here, we wouldn't lose any security if we allowed cheap passwords for non-encrypted users with low permissions:
If you have physical access to a device, it is much easier to just reboot in recovery mode and gain access to everything than to brute-force the password of a non-encrypted user account. If scripts run, they already have the rights of a low-privilege user, and can't gain any more privileges using the password of the low-permission user. Only for remote logins, like via ssh, preventing a brute-force attack on low-privilege user accounts would add security value. But these should be disabled anyway on a default desktop operating system.
In conclusion, even for normal, non-encrypted every-day user accounts without administrative permissions, having a non-bruteforcable password doesn't add much (if any) value, while it costs a lot of comfort.
Development Tasks
-
skip blocking the user account creation with cheap passwords if the account is non-administrative and not encrypted in gnome-control-center -
skip blocking the password creation with cheap passwords if the account is non-administrative and not encrypted in GDM
QA Tasks
-
test (preferably automated) that user accounts with high privileges are still required to meet security criteria -
test (preferably automated) that user accounts with low privileges are not required to meet security criteria