duffn / dumb-password-rules

A compilation of sites with dumb password rules.
https://dumbpasswordrules.com
MIT License

Add ranking system for sites #445

Open duffn opened 1 year ago

duffn commented 1 year ago

From https://news.ycombinator.com/item?id=34804150

We should have some sort of system to rank entries in order of ludicrousness or some other factor. 1-10 on a scale of "dumbness"? Of course, this is subjective, but even listing a site on here is subjective, so this should be okay.

nitrocode commented 1 year ago

I agree with this.

Perhaps a set of rules and why the rule exists? ShellCheck, hadolint, etc. use prefixes and numerate their rules and show why the rule exists and how to remediate. Obviously, we cannot provide remediation steps for the user, but perhaps we can optionally show remediation steps for each rule for the website that breaks the rule?

Example: https://github.com/koalaman/shellcheck/wiki/SC1000

Maybe we can use DP (dumb passwords) as a prefix?

Here are some generic enough rules that could be measurable. Each infraction could be 10 points and subtracted from 100.

duffn commented 1 year ago

Very interesting, thanks for the thoughts! I like the idea of some sort of shellcheck functionality. The entries would need to be manually curated to add certain categories as I'm not sure we could feasibly parse what's in the description to come to these conclusions.

But then each entry gets one or more categories, we can sort based upon the number of categories an entry has, and you can filter by each category as well.