nextcloud / android

📱 Nextcloud Android app
https://play.google.com/store/apps/details?id=com.nextcloud.client
GNU General Public License v2.0

[Usability]: Show password criteria when creating a public link #12933

Open markthebro opened 6 months ago

markthebro commented 6 months ago

Is your feature request related to a problem? Please describe.

When a user creates a new public link which shall be shared to other users to e.g. share some photos of last week's party, a server administrator of a Nextcloud instance can enforce using passwords on shared links. Those passwords could match certain criteria based on the configuration of the administrator. These criteria could be length, used characters (capital, lower), digits and/or special characters like !?%& and so on. If such criteria have been configured by the administrator, it would be great for end-users to show those criteria when entering a password - in real-time / live on the screen. Status quo is to enter a password - but it is not shown if the entered password matches certain criteria based on the configuration of the administrator. The password criteria will only pop up after clicking on the "OK" button if they do not match. Then a small message on the bottom will be shown - but even there not all criteria are shown - ref. to the additional context chapter. No shared link can be created and (obviously) not shared to other users. User has to start the share-process again - hopefully with the information at the bottom to match certain criteria.

Describe the solution you'd like

It would be great to show the current policies of the Nextcloud instance and give the end-user a feeling that the entered password does fulfill the criteria configured by the administrator. A very bad mock-up, I know - but something like this would be great.

[image: password1]

So the end-user has all needed information to create a strong password and during the input the user gets the information which criteria have already been fulfilled. Using some client-validation-method where a green tick or red cross will be shown if the criteria are matched (or not) would be the "crème de la crème" regarding usability experience.

Describe alternatives you've considered

From my point of view there exists no alternative solution - the user should get the information about the criteria of passwords before submitting the input to the server. Showing afterwards the criteria at the bottom of the screen + only "half of the message" is not very end-user-friendly - at least for those users who do not have such an IT skill set and have really no know-how regarding security and what at least safe passwords are... (ref. to e.g. Secure Passwords - Fact Sheet (BSI))

Additional context

Status quo when a password has been entered which does not match certain criteria. A message is shown but not the whole content - so right now the end-user knows that the password has to be at least 12 characters and has to use a number - but nothing more.

[image: message]

BTW - some message like "The administrator has configured that shared links are only valid for xxx days" would be also great before sharing the link. Shall I therefore raise an additional feature enhancement request?

Glad to hear your feedback on this topic!

Thanks in advance and stay healthy.

markthebro commented 6 months ago

If this product enhancement will be implemented, it should also find its way to the iOS app...
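
The per-criterion live check requested in this issue, sketched as an added example; it is not code from the Nextcloud Android app or from the issue author. `PasswordPolicy`, `CriterionResult` and `evaluate` are hypothetical names, the policy values are constructed, and the definition of a "special character" is an assumption.

```kotlin
// Added example: hypothetical types, not part of the Nextcloud Android code base.
// The fields mirror the criteria named in the issue; a real client would fill
// them from the server's configuration instead of hard-coding them.
data class PasswordPolicy(
    val minLength: Int,
    val requireUpperAndLower: Boolean,
    val requireDigit: Boolean,
    val requireSpecial: Boolean
)

data class CriterionResult(val label: String, val fulfilled: Boolean)

// Evaluates each active criterion separately, so the UI can render one
// tick or cross per line on every keystroke instead of one truncated message.
fun evaluate(password: String, policy: PasswordPolicy): List<CriterionResult> {
    val results = mutableListOf<CriterionResult>()
    results += CriterionResult(
        "At least ${policy.minLength} characters",
        password.length >= policy.minLength
    )
    if (policy.requireUpperAndLower) {
        val ok = password.any { it.isUpperCase() } && password.any { it.isLowerCase() }
        results += CriterionResult("Upper and lower case letters", ok)
    }
    if (policy.requireDigit) {
        results += CriterionResult("At least one digit", password.any { it.isDigit() })
    }
    if (policy.requireSpecial) {
        // Assumption: "special" means neither letter, digit nor whitespace.
        val ok = password.any { !it.isLetterOrDigit() && !it.isWhitespace() }
        results += CriterionResult("At least one special character", ok)
    }
    return results
}

fun main() {
    // Constructed policy; "12 characters" and "a number" match the message quoted in the issue.
    val policy = PasswordPolicy(12, requireUpperAndLower = true, requireDigit = true, requireSpecial = true)
    // Constructed sample inputs, simulating the field content as the user types.
    for (typed in listOf("party", "PartyPhotos2024", "PartyPhotos2024!")) {
        println("input of length ${typed.length}:")
        evaluate(typed, policy).forEach { println("  [${if (it.fulfilled) "x" else " "}] ${it.label}") }
    }
}
```

A check like this is feedback only: the server's validation stays the enforcement point, and its complete error message still has to be shown when the two disagree.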