Opened 22 months ago

Last modified 9 months ago

#18399 new enhancement

Password Strength Meter should usually mark passwords that contain password as weak

Reported by: jorbin Owned by:
Priority: normal Milestone: Awaiting Review
Component: Users Version:
Severity: normal Keywords: has-patch close
Cc: d@…, pavelevap@…, eric.andrew.lewis@…

Description

Password (in human and l337 form) is a horrible password. Unless a password is really long, we should mark passwords that contain 'password' as weak.

Test case: password123 returns Strong

Attachments (1)

password.patch (1.2 KB) - added by jorbin 22 months ago.


Change History (5)

  • Cc d@… added
  • Cc pavelevap@… added

And what about translation of "password" for other languages?

comment:3 follow-up: ↓ 4   solarissmoke 15 months ago

  • Keywords close added

What about all the other weak phrases that people might use? Like say using their username or qwerty or wordpress (I've seen it done) in the password? The strength meter is only a guide and the user should still use some common sense - we can only hold their hand so far.

comment:4 in reply to: ↑ 3   ericlewis 9 months ago

  • Cc eric.andrew.lewis@… added

Replying to solarissmoke:

What about all the other weak phrases that people might use?

Perhaps we could include a list of the top 25 (more?) most common passwords, and return "Very Weak" for all of them? I'm not sure what the best compromise between security and code bloat would be here.
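
One way to implement the check discussed in this ticket (an added example, not the attached password.patch and not WordPress's own code): it lower-cases the password, undoes common l337 substitutions, and caps the meter's score at "weak" when a listed phrase or the username appears, unless the password is long. The function names, the 1-4 score scale, the substitution table and the 20-character cut-off are assumptions; the phrase list holds only the phrases named in the comments above.

```javascript
// Added example. Names, score scale and thresholds are assumptions, not WordPress APIs.

// One fixed choice per l337 character; ambiguous ones (1 -> l or i) pick a single reading.
const LEET_MAP = {
  '0': 'o', '1': 'l', '3': 'e', '4': 'a', '5': 's',
  '7': 't', '@': 'a', '$': 's', '!': 'i'
};

// Phrases named in the ticket comments; a deployed list would be longer.
const WEAK_PHRASES = ['password', 'qwerty', 'wordpress'];

// Assumed score scale: 1 = very weak, 2 = weak, 3 = medium, 4 = strong.
const WEAK = 2;

// Assumed cut-off for "really long"; the ticket gives no number.
const LONG_ENOUGH = 20;

// Lower-case the input and map l337 characters back to letters.
function normalize(s) {
  return s.toLowerCase().replace(/[013457@$!]/g, ch => LEET_MAP[ch]);
}

// Return the weak phrase found inside the password, or null if there is none.
// The username is checked too; very short usernames are skipped to avoid
// flagging every password that happens to contain one or two letters.
function findWeakPhrase(password, username) {
  const norm = normalize(password);
  const phrases = WEAK_PHRASES.slice();
  if (username && username.length >= 3) {
    phrases.push(normalize(username));
  }
  return phrases.find(p => norm.includes(p)) || null;
}

// Cap the score produced by an existing meter. Scores already at or below
// WEAK are left alone, as are long passwords that merely contain a phrase.
function capStrength(score, password, username) {
  const hit = findWeakPhrase(password, username);
  if (hit === null || password.length >= LONG_ENOUGH) {
    return score;
  }
  return Math.min(score, WEAK);
}
```

With this cap in place, the ticket's test case password123 drops from a score of 4 to 2, while a password with no listed phrase keeps whatever score the meter gave it.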
