Ismailtaktak / freemedforms

Automatically exported from code.google.com/p/freemedforms
Other
0 stars 0 forks source link

Password Strength Meter #317

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
We need a passwordStrengthMeter when users enter a new password.
Docs tend to use passwords like their birthday, "hallo123", or even really 
cryptographic highly unbreakable things like "12345".

What would help here is a graphical and/or written feedback how good/bad the 
chosen password is.

Categories:

password matches/contains username (-)
password length (should be >6)
password contains combination of lower-/uppercase (+)
password contains combination of numbers (+)
password contains special symbols (+)

Original issue reported on code.google.com by christian.a.reiter@gmail.com on 21 Apr 2013 at 8:02

GoogleCodeExporter commented 9 years ago
Oh yes very good idea.
The 'checker' should just warn without blocking the user. If user wants to use 
weak password, it's his problematic. the checker is just here to help him to 
select a better password.

Original comment by eric.mae...@gmail.com on 21 Apr 2013 at 9:20

GoogleCodeExporter commented 9 years ago
Yes, no warning boxes or blocking. I thought about something like just like 
here:
https://www.dropbox.com/login - go to signup and type in some passwords.

Original comment by christian.a.reiter@gmail.com on 21 Apr 2013 at 9:59

GoogleCodeExporter commented 9 years ago
The real problem remains that the actual data (either SQLite or MySQL) is not 
encrypted... On Linux Debian/Ubuntu I would suggest encrypting the home folder, 
on other OS, I would suggest switching to Linux.

The issue of password strength is really secondary compared to encryption.

Original comment by contact@medecinelibre.com on 6 Nov 2013 at 6:40