Recommendation: Warn against *very* secure passphrases


#1

I’ve been experimenting with duplicati recently, after being kicked in the teeth by CrashPlan. I set a very strong password. Lots of symbols. It’s an absolute nightmare to try and use the CLI. Trying to enter the passphrase on the command line has so far proved impossible. I eventually managed to get all the escaping right for an echo of the passphrase, but I get an error when trying to run cli commands. I’d guess there’s another level of escaping I need.

If I’d known this upfront, I’d have stuck to an alphanumeric password and just made it longer. Five or ten extra alphanumerics would provide an equally secure passphrase, but it would be much easier to work with the CLI.

Could we surface this info in the UI somewhere? Perhaps warning people during backup configuration that passwords which are terminal friendly might be easier in the long run.


#2

That hits somewhere between adding security or being user friendly… I am not sure what I like better…

If you have trouble with the shell, you can use the --parameter-file option such that the data is read from a file instead of the commandline.

But we can consider adding an extra label to the UI: