Describe the bug
Password complexity requirements description and functionality are misaligned. Documentation states passwords must be at least 11 characters in length, password reset page states passwords must be at least 8 characters in length, and the client page checks for at least 8 characters. Additionally, code specifies password history of 3, but no error message appears when recent passwords are attempted to be set.
Expected behavior
Documentation, code, system capability, and user feedback regarding password policy should all be aligned and clearly articulated. This should provide clear communication to the user and remove functionality to repeatedly request actions.
r-a303931
commented
8 months ago
Describe the bug Password complexity requirements description and functionality are misaligned. Documentation states passwords must be at least 11 characters in length, password reset page states passwords must be at least 8 characters in length, and the client page checks for at least 8 characters. Additionally, code specifies password history of 3, but no error message appears when recent passwords are attempted to be set.
Expected behavior Documentation, code, system capability, and user feedback regarding password policy should all be aligned and clearly articulated. This should provide clear communication to the user and remove functionality to repeatedly request actions.