troyhunt / password-purgatory-api

This is the Cloudflare Worker public API for deliberately making password creation hell
Apache License 2.0
143 stars, 41 forks

Rules should not be self exclusive #45

Open Maxouwell opened 2 years ago

Maxouwell commented 2 years ago

Right now the "unique character" rule is incompatible with some other rules.

It defeats the objective of wasting the maximum of the user's time, since they would abandon when following this rule.

I think this rule should be disabled or upgraded to something compatible with the rest (2 characters?).

MichaelNMaggs commented 2 years ago

Agreed. It's a more general problem, though: the palindrome rule is incompatible with cat and dog.

Tbh, I'd delete the palindrome rule as it's too onerous, especially for longer passwords, and doesn't encourage people to continue.

zgael commented 2 years ago

I agree as well; I opened an issue regarding the "unique character" rule and the "must contain repeating characters" rule last week (on the wrong project, sorry 😢): https://github.com/troyhunt/password-purgatory/issues/7

Now, a similar problem is actually still present between the "Password must contain only unique characters" rule and the bobcat one, which only allows:

- bobcat => double B
- Lynx rufus => double U
- L. rufus => double U

Maybe it was the other rule (the "only unique characters" one) that should be removed, as it can easily become incompatible with other future rules?

I recognize that it's a fun rule, kinda infuriating (especially when looking for Simpsons/Griffins family that do not share the same letters), but it seems a bit too limiting, and will hinder adding more complicated rules later.
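Added example (not code from the password-purgatory-api project): a small checker that models a few of the rules named in this thread as per-character count constraints and flags combinations no password can satisfy at once. The rule names, their shapes and the count model are assumptions, not the project's own rule format.

```javascript
// Rule model (assumed, not the project's): each rule may force minimum counts of
// specific characters (floors), cap how often any one character may appear (cap),
// require some character to repeat (repeat), or bound the length.
function countChars(s) {
  const c = {};
  for (const ch of s) c[ch] = (c[ch] || 0) + 1;
  return c;
}

const RULES = {
  uniqueChars:   { cap: 1 },                    // "only unique characters"
  repeatingChar: { repeat: 2 },                 // "must contain repeating characters"
  bobcat:        { floors: countChars("bobcat") }, // b-o-b-c-a-t forces a double B
  cat:           { floors: countChars("cat") },
  dog:           { floors: countChars("dog") },
  length12to16:  { minLen: 12, maxLen: 16 },
};

// Merge the constraints of the named rules and return the first contradiction as a
// string, or null. Finding none does not prove a valid password exists (the check is
// sound but not complete); it only catches the count/length clashes discussed above.
function conflictOf(names) {
  const floors = {};
  let cap = Infinity, repeat = 1, minLen = 0, maxLen = Infinity;
  for (const n of names) {
    const r = RULES[n];
    for (const [ch, k] of Object.entries(r.floors || {}))
      floors[ch] = Math.max(floors[ch] || 0, k); // lower bound: shared letters may overlap
    if (r.cap !== undefined) cap = Math.min(cap, r.cap);
    if (r.repeat !== undefined) repeat = Math.max(repeat, r.repeat);
    if (r.minLen !== undefined) minLen = Math.max(minLen, r.minLen);
    if (r.maxLen !== undefined) maxLen = Math.min(maxLen, r.maxLen);
  }
  if (repeat > cap) return `some character must appear ${repeat} times but the cap is ${cap}`;
  for (const [ch, k] of Object.entries(floors))
    if (k > cap) return `'${ch}' must appear ${k} times but the cap is ${cap}`;
  const forced = Object.values(floors).reduce((a, b) => a + b, 0);
  if (forced > maxLen) return `${forced} forced characters exceed the max length ${maxLen}`;
  if (minLen > maxLen) return `min length ${minLen} exceeds max length ${maxLen}`;
  return null;
}
```

Running `conflictOf(["uniqueChars", "bobcat"])` reports the double-B clash from this thread, while `conflictOf(["cat", "dog", "length12to16"])` finds no count or length contradiction.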

MichaelNMaggs commented 2 years ago

You are quite right. As you suggest, it would be best to remove the "Password must contain only unique characters" rule, too, as it's very limiting for both existing and future requirements.

troyhunt commented 2 years ago

I mostly agree with the feedback here, but I also think a blanket "rules cannot be self-exclusive" robs us of some good candidates. I'm more inclined to say they cannot be self-exclusive when the infuriation level is "ridiculous", or similar. To that effect, I've just pushed a change for the unique characters requirement to be "ridiculous" and I encourage any further PRs to the same effect.

zgael commented 2 years ago

I understand your point @troyhunt, but IMHO that depends on what you see as the ultimate goal of the platform:

Is it meant to be impossible to find a "valid" password, in which case we can say all potential self-exclusive/very limiting rules should be "ridiculous" level?

Or should the platform be designed to allow a password to find its way through all the filters, provided that it is good enough, good meaning an absolute nightmare to even type, don't even think about remembering it. Could be seen as a reward for the "Michelles" that are pugnacious enough.

NB: In the last case, might as well create the so-called Hall-Of-Fame / Hell-Of-Fame 😈 / Hall-Of-Flames 🔥 / ... to record the outstanding performance of how many attempts are needed to create a valid password!

NB2: This might be the ultimate solution to passwords being weak: make it disgusting enough so that no one wants/knows how to type it 😅

troyhunt commented 2 years ago

Oh there definitely shouldn't ever be a successful password, the goal is purely to extend the period of time people waste trying to find a successful one 😈

Maxouwell commented 2 years ago

Well then it renders the "final" message "Password already in use" useless and unreachable, which is a shame as it is the funniest and also allows the ride to continue for really stubborn people. Right now, the incompatible rules just prove to the password-enterer that it's a game that cannot go further (which is also a shame).

troyhunt commented 2 years ago

Let's just consider it a work in progress that'll probably evolve more over time 🙂

AyeBraine commented 2 years ago

That's a shame, I hoped to finish the game. Palindrome killed me at step 10 or so.

phillmac commented 2 years ago

I can't get past this one because of the "must be 12-16 characters in length" rule. Anybody have any ideas? catbobcat‮2Lisafalldog