-
Notifications
You must be signed in to change notification settings - Fork 158
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[FEATURE] Password Strength UI #1523
Comments
Two possible ways we can solve this, as @cwperks pointed out, rule/regex based regex seems to be at odds, or at least not 1:1 with library based password scoring. Approach 1 (my vote): We will still allow users to try and send passwords that pass UI/frontend checks, but the backend will make the final call on whether that user's password strength is strong enough to allow for creation Approach 2: |
[Triage] @derek-ho thank you for filing this issue. Going to tag UX/UI, and assign this issue to you ;) |
I'm not sure if we have precedence for this kind of scenario, but approach 1 seems like a good candidate. If you need another alternative, consider adding a parameter to the password setting API such as a 'dry-run' flag. Then you can reuse whatever error comes from the backend system to populate the front end ❌, or a ✔️ |
In general, strong/weak indicators alone is rather ambiguous. We should provide upfront guidance on how to make passwords strong, eliminating any guesses on our users. As users are typing in their passwords, I would consider specifically listing out which password criteria users are missing, so that users have clear actionable path. |
@kamingleung I think there is two things here -
|
Similar to other websites that have password strength UI when creating a user, the security dashboards plugin should have something similar.
The text was updated successfully, but these errors were encountered: