search

liberapay / liberapay.com

Source code of the recurrent donations platform Liberapay
https://liberapay.com/
1.67k stars 215 forks source link

Password generator #1001

Open Changaco opened 6 years ago

Changaco commented 6 years ago

When asking the user to input a new password we should offer to generate a random one for them.

Something like:

If you use a password manager we can generate a strong random password for you:

["Generate random password" button]

We could also try to call the browser's Credential Management API to store the new password.

EdOverflow commented 6 years ago

Please do this server-side if possible — in-browser crypto is not ideal.

evcheng1 commented 3 years ago

Should the generated password be displayed for the user and then the user will manually update their password, if they like it?

Changaco commented 3 years ago

I'm not sure. Sometimes you have to try to implement one approach, see if it feels right, and try another if it doesn't.

I'm also not sure that this is still worth the effort since Firefox now has a built-in password generator.