Open finsterwalder opened 1 year ago
Verifiers SHOULD offer guidance to the subscriber, such as a password-strength meter [Meters], to assist the user in choosing a strong memorized secret. This is particularly important following the rejection of a memorized secret on the above list as it discourages trivial modification of listed (and likely very weak) memorized secrets [Blacklists].
from https://pages.nist.gov/800-63-3/sp800-63b.html#-5112-memorized-secret-verifiers
That makes sense to me!
Could also be very helpful for dry run imports (on the admin API).
Klaus Herrmann | Product Management | @.*** | +49-1522-9409636
Hello contributors!
I am marking this issue as stale as it has not received any engagement from the community or maintainers for a year. That does not imply that the issue has no merit! If you feel strongly about this issue
Throughout its lifetime, Ory has received over 10.000 issues and PRs. To sustain that growth, we need to prioritize and focus on issues that are important to the community. A good indication of importance, and thus priority, is activity on a topic.
Unfortunately, burnout has become a topic of concern amongst open-source projects.
It can lead to severe personal and health issues as well as opening catastrophic attack vectors.
The motivation for this automation is to help prioritize issues in the backlog and not ignore, reject, or belittle anyone.
If this issue was marked as stale erroneously you can exempt it by adding the backlog
label, assigning someone, or setting a milestone for it.
Thank you for your understanding and to anyone who participated in the conversation! And as written above, please do participate in the conversation if this topic is important to you!
Thank you 🙏✌️
Preflight checklist
Describe your problem
We want to give users that sign up for a new account a green or red signal, whether their provided email and password are acceptable, before they actually submit their credentials. This gives them a better user experience with early feedback.
Many signup forms show you the rules your password needs to follow and show you a green sign, once you obey to all the provided rules. Since Ory does not simply follow some simple rules (at least a char and a number etc.), it's hard to implement something similar. So right now we have to create the account and then report the error back to the user after he submitted the signup form. Instead we would like to give the user a feedback once he stoped typing for a little while.
Describe your ideal solution
An API that accepts a Username and a Password and gives back a yes/no answer, whether the given credentials would be accepted for a new account.
Workarounds or alternatives
Try to create the account without checking beforehand
Version
current REST API
Additional Context
Old issue in Kratos: https://github.com/ory/kratos/issues/136