Password strength change 1.4.0 #42
Comments
|
Good idea, will look into improving this. |
|
May i know how current password complexity requirement? My password has symbol, lower case, upper case, numeric, length around 15 characters still rejected. Also if possible just warn user instead of rejection. |
|
Perhaps an option to set whether it is a warning or rejection can be added to the server side code. |
|
@hadirena xBrowserSync utilises angular-complexify which is an angularjs port of jquery.complexify.js. However it looks like jquery.complexify.js is no longer maintained (the website explaining the complexity algorithm is also down) so that's probably a good enough reason to look at replacing this functionality with something else. zxcvbn seems like it could be a good option. |
|
@fantawttw I'd like to keep password validation client-side only. |
I agree with it being client side, The process I was thinking of would be that the server would respond in the initial /info request or some other mechanism (not sure if this is how your code works) stating rejection type |
|
@fantawttw ok I think that's separate enough to warrant it's own issue so we can track the feature request independently. Could I trouble you to raise a new issue for this please? |
Changes have been made to the password algorithm however the user has no way of knowing what you are considering an acceptable password.
Steps to reproduce
Expected behaviour
Able to enter a password of my choosing
Actual behaviour
Forced password policy with no guidelines.
Just a red, amber green bar showing password strength
Client app information
App Platform: Chrome
App Platform Version: 1.4.0
Other info
I don't like systems forcing me to use what they consider a strong password.
eg. "thisisaverystrongpasswordandonlyiknowit" is basically unbreakable but it's not allowed.
however "asdasdasdasdasdasd" is allowed.
Please consider removing the complexity requirement that has been added in.
The text was updated successfully, but these errors were encountered: