okta / okta-signin-widget

HTML/CSS/JS widget that provides out-of-the-box authentication UX for your organization's apps

Password Complexity rules are not displayed during the password expiration warning #1130

Open epierce opened 4 years ago

epierce commented 4 years ago

I'm submitting a

Background info

When a user's password is expiring soon, they are given the chance to change their password, but the password complexity rules are not shown. The user is only given the password rules once their password has actually expired.

Expected behavior

The user should be able to see the complexity rules whenever they are prompted to change their password.

swiftone commented 4 years ago

Internal ref: OKTA-289869

tmackay-cenet commented 4 years ago

I would like to see the rules also form part of the client-side form validation, rather than submitting a known bad password and relying on a 403 error.

tmackay-cenet commented 3 years ago

Bump. This is still causing considerable headaches for our users with the resulting confusion and account lockouts. Still, I think input validation and red exclamation marks would be required to get the point across.

tmackay-cenet commented 3 years ago

This seems to have made it into production with the 'showPasswordRequirementsAsHtmlList' option. Tested on v5.4.1 with password expiry warning (not yet expired).
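
The client-side check requested in this thread could look like the following. This is an added example, not code from okta-signin-widget or from any commenter; the policy field names, `samplePolicy`, `count` and `unmetRules` are assumptions for illustration, and the server's response remains the authoritative result.

```javascript
// Added example: field names are assumptions modelled on a typical
// password-complexity policy, not taken from the widget's source.
const samplePolicy = {            // constructed sample policy
  minLength: 12,
  minLowerCase: 1,
  minUpperCase: 1,
  minNumber: 1,
  minSymbol: 1,
  excludeUsername: true,
};

// Count characters (by code point) that match a Unicode-aware pattern.
function count(password, pattern) {
  return Array.from(password).filter((ch) => pattern.test(ch)).length;
}

// Return the human-readable rules the candidate password fails.
// An empty list means the form can be submitted; the server still decides.
function unmetRules(password, username, policy) {
  const failures = [];
  const need = (n, have, label) => {
    if (n > 0 && have < n) failures.push(`at least ${n} ${label}`);
  };
  need(policy.minLength, Array.from(password).length, 'characters');
  need(policy.minLowerCase, count(password, /\p{Ll}/u), 'lowercase letter(s)');
  need(policy.minUpperCase, count(password, /\p{Lu}/u), 'uppercase letter(s)');
  need(policy.minNumber, count(password, /\p{Nd}/u), 'number(s)');
  need(policy.minSymbol, count(password, /[^\p{L}\p{N}\s]/u), 'symbol(s)');
  if (policy.excludeUsername && username) {
    // Compare case-insensitively against the login and its local part.
    const lowered = password.toLowerCase();
    const parts = [username, username.split('@')[0]]
      .map((p) => p.toLowerCase())
      .filter((p) => p.length >= 3);
    if (parts.some((p) => lowered.includes(p))) {
      failures.push('must not contain the username');
    }
  }
  return failures;
}
```

Rendering the returned list next to the password field on both the expiring and expired screens gives the user the same rules before any request is sent.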