#173 your password requirements for new users are annoying and put you in a bad light

Open
opened 4 weeks ago by joernhees · 2 comments

Your [sign up](https://codeberg.org/user/sing_up) currently seems to require pws to be no less than 6 chars long and have the following requirements:

Password does not pass complexity requirements:

At least one special character (punctuation, brackets, quotes, etc.)
At least one lowercase character
At least one uppercase character
At least one digit

So you're telling new users to trust your platform with their code, but during the sign up process you imply that `aaaA1.` is more secure than a standard `pwgen 20` (e.g., `Nue0gaev3nooGoh5ahph`)?

https://xkcd.com/936/

hw added the gitea-related issue label 4 weeks ago
hw commented 4 weeks ago
Owner

There is an ongoing discussion in https://github.com/go-gitea/gitea/issues/11177 suggesting to add a NIST compliant entropy checker which we would very much endorse.

Do you think you could possibly contribute to bring the implementation of this feature forward?

ousia commented 3 weeks ago

Sorry, but how about enabling Unicode support in passwords?

I’m just an average user (I don’t code), but this would make it easier for users to create much more complex passwords.

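The policy mismatch raised in this issue, as an added example that is not part of the thread or of Gitea's code: it models the quoted composition rule next to a naive search-space estimate and runs both over the two passwords quoted in the first post. The function names and the ASCII pool sizes (26/26/10/32) are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"math"
	"unicode"
)

var poolSize = [4]int{26, 26, 10, 32} // assumed ASCII pools: lower, upper, digit, special

// classes reports which of the four character classes occur in pw.
func classes(pw string) (used [4]bool) {
	for _, r := range pw {
		switch {
		case unicode.IsLower(r):
			used[0] = true
		case unicode.IsUpper(r):
			used[1] = true
		case unicode.IsDigit(r):
			used[2] = true
		case unicode.IsPunct(r) || unicode.IsSymbol(r):
			used[3] = true
		}
	}
	return used
}

// PassesComposition models the quoted rule: 6+ characters, one from each class.
func PassesComposition(pw string) bool {
	u := classes(pw)
	return len([]rune(pw)) >= 6 && u[0] && u[1] && u[2] && u[3]
}

// SearchSpaceBits is a naive upper bound (length * log2 of the pool in use); it assumes random characters.
func SearchSpaceBits(pw string) float64 {
	pool := 0
	for i, used := range classes(pw) {
		if used {
			pool += poolSize[i]
		}
	}
	return float64(len([]rune(pw))) * math.Log2(math.Max(float64(pool), 1))
}

func main() {
	for _, pw := range []string{"aaaA1.", "Nue0gaev3nooGoh5ahph"} { // both quoted in the issue
		fmt.Printf("%-22q composition=%-5v bits<=%.1f\n", pw, PassesComposition(pw), SearchSpaceBits(pw))
	}
}
```

The composition rule accepts `aaaA1.`, which is bounded at roughly 39 bits even under this generous estimate, and rejects the 20-character string at roughly 119 bits because it contains no special character.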