Open hughns opened 2 years ago
There is some password strength enforcement via the OPA policy + config (require uppercase/lowercase/number + min length), although we might be better off using something more intelligent like zxcvbn? This one would definitely require interactive feedback on the frontend, else you'd get cryptic error messages like "your password is not strong enough" without knowing exactly what "strong enough" means
Here is the final component in Figma, and here is a reference in the designs.
After #2972, here's what will be left:
For your information, this issue has been copied over to the Element fork of matrix-authentication-service
: https://github.com/element-hq/matrix-authentication-service/issues/172
There is a basic password policy in place, which can set a minimum password length, require uppercase, lowercase and/or numeric symbols.
This is very basic and lacks direct feedback to the user. We should instead use a real password strength estimation like zxcvbn and enforce it. This would also need live feedback to the user whether their password is strong enough or not.
Open questions:
Relevant design screens: