Opened 7 years ago

Last modified 21 months ago

#13986 assigned enhancement

Ease HaikuDepot's password requirements

Reported by: humdinger Owned by: apl-haiku
Priority: normal Milestone: Unscheduled
Component: Applications/HaikuDepot Version: R1/Development
Keywords: Cc:
Blocked By: Blocking:
Platform: All

Description

HaikuDepot wants the user's password to be at least 8 characters long with 2 numbers and 2 upper-case letters.

AFAIK, more and more experts (and non-experts) come to the conclusion that these user-unfriendly requirements are more detrimental than helpful. People choose easier passwords, re-use them, write them down and never change them.

Generally I don't see the need for special protection for an account used for commenting and rating. Up the length to 10 or 12 if you must, but let's ease up on the special characters at least.

Maybe the current restrictions on the password is part of the reason few people rate or comment in HaikuDepot (aside #13832 of course). How many registered user has HDS?

Change History (5)

comment:1 by vidrep, 7 years ago

I don't see why the password requirement should be more stringent than what we use fior trac, or the Haiku Forum.

Version 1, edited 7 years ago by vidrep (previous) (next) (diff)

comment:2 by waddlesplash, 6 years ago

Owner: changed from stippi to apl-haiku
Status: newassigned

comment:4 by apl-haiku, 21 months ago

Yes it is enforced on the server side. Am away from the computer so will come back to reply to this later. Regards.

comment:5 by apl-haiku, 21 months ago

Some users of HDS can undertake additional actions other than commenting and rating. Because of this, those users need to have some level of complexity-strength in their passwords. It is complex to have different rules for different genres of users -- it is easier to have a blanket set of requirements for passwords that applies to all users.

It would be good to project the password requirements from the HDS back-end through to the client UI -- something for a future enhancement.

Would it be possible to investigate the password requirements of other Haiku web applications so that it is possible to harmonise them if the others are sufficiently 'strong'?

Responding to the original question; to get the count of users in HDS;

SELECT COUNT(id) FROM haikudepot.user WHERE active=true;

Somebody from the admin team would be able to execute this query.

Note: See TracTickets for help on using tickets.