if administrators want to allow users to create a secret without a passphrase, there should be a configurable option to allow it.
it's not ideal to me from a design perspective, but since the application doesn't restrict complexity for passphrases, users can use simple single word passphrases, which aren't any more secure.
if administrators want to allow users to create a secret without a passphrase, there should be a configurable option to allow it.
it's not ideal to me from a design perspective, but since the application doesn't restrict complexity for passphrases, users can use simple single word passphrases, which aren't any more secure.