Open epierce opened 4 years ago
Internal ref: OKTA-289869
I would like to see the rules also form part of the client side form validation - rather than submitting a known bad password and relying on a 403 error.
Bump. This is still causing considerable headaches for our users with the resulting confusion and account lockouts. Still I think input validation and red exclamation marks would be required to get the point across.
This seems to have made it into production with the 'showPasswordRequirementsAsHtmlList' option. Tested on v5.4.1 with password expiry warning (not yet expired).
I'm submitting a
Background info
When a user's password is expiring soon, they are given the chance to change their password, but the password complexity rules are not shown. The user is only given the password rules once their password has actually expired.
Expected behavior
The user should be able to see the complexity rules whenever they are prompted to change their password.