Opened 5 years ago
Closed 3 years ago
#18399 closed enhancement (duplicate)
Password Strength Meter should usually mark passwords that contain password as weak
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Priority: | normal | |
| Severity: | normal | Version: | |
| Component: | Users | Keywords: | has-patch |
| Focuses: | Cc: |
Description
Password (in human and l337 form) is a horrible password. Unless a password is really long, we should mark passwords that contain 'password' as weak.
Test Case : password123 returns Strong
Attachments (1)
Change History (7)
#1
@danielbachhuber
5 years ago
- Cc d@… added
#2
@pavelevap
5 years ago
- Cc pavelevap@… added
#3
follow-up:
↓ 4
@solarissmoke
5 years ago
- Keywords close added
What about all the other weak phrases that people might use? Like say using their username or qwerty or wordpress (I've seen it done) in the password? The strength meter is only a guide and the user should still use some common sense - we can only hold their hand so far.
#4
in reply to:
↑ 3
@ericlewis
4 years ago
- Cc eric.andrew.lewis@… added
Replying to solarissmoke:
What about all the other weak phrases that people might use?
Perhaps we could include a list of the top 25 (more?) most common passwords, and return "Very Weak" for all of them? I'm not sure what the best compromise between security and code bloat would be here.
#5
@DrewAPicture
3 years ago
Related: #21737
#6
@DrewAPicture
3 years ago
- Keywords close removed
- Milestone Awaiting Review deleted
- Resolution set to duplicate
- Status changed from new to closed
Duplicate of #21737.
Actually, closing as a duplicate.
And what about translation of "password" for other languages?