Closed du82 closed 1 year ago
Thanks @ducheng0, good suggestion. I have updated the issue with the template for a feature so it can be picked up (in case you'd like to work on it, we can set a bounty on it :) ). I have added only 2 out of 3 requirements for now, but we can add the rest later in a different issue once this is completed. Thanks again for raising the issue!
@cammellos I don't have much experience with ClojureScript, but I think it would be a great learning opportunity. I've never done a Gitcoin bounty before, so if you'd direct me in the right direction I can work on it :) Thanks
Issue Status: 1. Open 2. Started 3. Submitted 4. Done
This issue now has a funding of 400.0 DAI (400.0 USD @ $1.0/DAI) attached to it.
@ducheng0 I have created a bounty, you can apply from the link above. You can contact us directly on our discord if you need any help setting up the project or you have some questions etc. My handle is the same as on github. Thanks for expressing interest!
Issue Status: 1. Open 2. Started 3. Submitted 4. Done
Work has been started.
These users each claimed they can complete the work by 264 years, 8 months from now. Please review their action plans below:
1) bongkie007 has applied to start work _(Funders only: approve worker | reject worker)_.
Try this password Mymiddlefingerlikesyou,!,010
2) ayush20 has applied to start work _(Funders only: approve worker | reject worker)_.
I have 7+ years of experience in cyber security and given an opportunity, I can help you with developing brilliant solutions to create a safe and secure authentication system. Looking forward to discussing and working on this bounty.
3) jkbl has applied to start work _(Funders only: approve worker | reject worker)_.
I can update the validation process, so that the minimum password length is 8 characters.
Excluding the list of pwned passwords would require using an external service, as the list of pwned passwords is currently more than 15GB in size.
4) trungtin has applied to start work _(Funders only: approve worker | reject worker)_.
Per requirements, the password should:
I already integrated strong password logic before. So it is easy for me. The new thing is emojis. But I can solve this easily too. It will require only adding a unicode variable.
6) aaronteamaar has applied to start work _(Funders only: approve worker | reject worker)_.
I can solve the problem using a password generator I made that combines word, symbols and numbers all in one to make the password stronger than ever and I can match this up using an authenticator. Then if a VPN is provided during the password entering period it can help to stop interception from hackers trying to gain access.
7) dangarbri has been approved to start work.
Find the code that manages the password view and update it with some simple password checking.
8) aimanafzal has applied to start work _(Funders only: approve worker | reject worker)_.
Write an additional piece of code to support 8 characters for password with the enhanced security of implementing a Regex.
Learn more on the Gitcoin Issue Details page.
I've tried, and I can't figure it out. Bounty is still open to anyone who wants it.
If you go here https://gitcoin.co/issue/status-im/status-react/13137/100027817 , you should see a button "Express interest", and then I can approve you to start working on it. You can also ping me on our discord if you need any help.
I meant I tried looking through the codebase, can't figure out where the code I'm looking to change is. I've never used Clojure or ClojureScript prior to work on Status.
Is this bounty still open for suggestions and implementation?
Issue Status: 1. Open 2. Started 3. Submitted 4. Done
Work for 400.0 DAI (400.0 USD @ $1.0/DAI) has been submitted by:
@statussceptre please take a look at the submitted work:
As a user, I want to have a minimum number of characters in my password enforced, so I don't mistakenly choose a weak password.
Description
We should enforce (client side) a minimum of 8 characters for the password. Ideally we exclude a list of common passwords, as per original comment below, but can be done separately.
Original comment
As per the DejaVu security audit that was done in 2018, we should increase the password requirements.
Here's what they said:
We should increase the limit to 8 characters, and prevent users from entering passwords with low entropy such as "000000" or "qwerty". Right now, there's 56 billion possible combinations if the user is using a 6 character password (62^6) but that is increased to 218 trillion combinations with an 8 character minimum (62^8) which would take longer to crack, without interference to the user. In addition, we should also allow characters from other systems such as Chinese, Cyrillic, Arabic, and Emojis to add to the allowed complexity.
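The requirements in this issue (8-character minimum, rejecting low-entropy and common passwords, accepting non-Latin scripts and emojis) can be sketched as a client-side check. This is an added example in plain JavaScript, not status-react's ClojureScript code; the function names, the small blocklist and the "fewer than 3 distinct characters" rule are assumptions made for illustration.

```javascript
// Added example: client-side password policy check (not status-react code).
const MIN_LENGTH = 8; // minimum from the issue description

// Constructed sample blocklist, stored lowercase. A real deployment would
// ship or query a proper common-password list instead.
const COMMON_PASSWORDS = new Set(["password", "qwertyui", "12345678", "iloveyou"]);

// Count Unicode code points, not UTF-16 code units. "🔑".length is 2, so
// String.prototype.length would accept a 4-emoji password as 8 characters.
function codePointLength(s) {
  return Array.from(s).length;
}

// Number of passwords of exactly `length` symbols drawn from an alphabet of
// `alphabetSize` symbols (62 = a-z, A-Z, 0-9, as in the issue). BigInt keeps
// the result exact for larger alphabets and lengths.
function keyspace(alphabetSize, length) {
  return BigInt(alphabetSize) ** BigInt(length);
}

function checkPassword(raw) {
  // NFKC is applied for validation only, so that equivalent input (composed
  // vs. decomposed accents, full-width digits) is measured the same way.
  const pw = raw.normalize("NFKC");
  const chars = Array.from(pw);
  if (chars.length < MIN_LENGTH) return { ok: false, reason: "too-short" };
  // Assumed low-entropy heuristic: catches "00000000", "abababab" and similar.
  if (new Set(chars).size < 3) return { ok: false, reason: "low-variety" };
  if (COMMON_PASSWORDS.has(pw.toLowerCase())) return { ok: false, reason: "common" };
  return { ok: true, reason: null };
}
```

Because the check runs on the client, it only guards against a user mistakenly choosing a weak password; it is not an enforcement boundary.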