Opened 5 years ago
Last modified 4 weeks ago
#13986 assigned enhancement
Ease HaikuDepot's password requirements
Reported by: humdinger | Owned by: apl-haiku
HaikuDepot wants the user's password to be at least 8 characters long with 2 numbers and 2 upper-case letters.
AFAIK, more and more experts (and non-experts) come to the conclusion that these user-unfriendly requirements are more detrimental than helpful. People choose easier passwords, re-use them, write them down and never change them.
Generally I don't see the need for special protection for an account used for commenting and rating. Up the length to 10 or 12 if you must, but let's ease up on the special characters at least.
Maybe the current restrictions on the password are part of the reason few people rate or comment in HaikuDepot (aside from #13832 of course). How many registered users does HDS have?
Change History (5)
comment:1 by , 5 years ago
comment:2 by , 4 years ago
Status: new → assigned
comment:3 by , 5 weeks ago
Just to be 100% sure, the password requirement checks are *only* implemented on the server side, correct?
This seems to be the case for the most part:
comment:4 by , 5 weeks ago
Yes it is enforced on the server side. Am away from the computer so will come back to reply to this later. Regards.
comment:5 by , 4 weeks ago
Some users of HDS can undertake additional actions other than commenting and rating. Because of this, those users need to have some level of complexity-strength in their passwords. It is complex to have different rules for different genres of users -- it is easier to have a blanket set of requirements for passwords that applies to all users.
It would be good to project the password requirements from the HDS back-end through to the client UI -- something for a future enhancement.
Would it be possible to investigate the password requirements of other Haiku web applications so that it is possible to harmonise them if the others are sufficiently 'strong'?
Responding to the original question, to get the count of users in HDS:
SELECT COUNT(id) FROM haikudepot.user WHERE active=true;
Somebody from the admin team would be able to execute this query.
I don't see why the password requirement should be more stringent than what we use for Trac, or the Haiku Forum.
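The rule described in the ticket, next to the length-only alternative it proposes, with the policy held as data so a server can both enforce it and report it to a client UI as comment:5 suggests. This is an added example, not HaikuDepot Server code; the class, its field names and the sample passwords are constructed for illustration.

```python
import json
from dataclasses import dataclass, asdict
from typing import Dict, List


@dataclass(frozen=True)
class PasswordPolicy:
    """Declarative password policy (hypothetical names, not HDS's own)."""
    min_length: int
    min_digits: int = 0
    min_uppercase: int = 0

    def violations(self, password: str) -> List[str]:
        """Return a machine-readable code for every unmet requirement."""
        found = []
        if len(password) < self.min_length:
            found.append("min_length")
        if sum(c.isdigit() for c in password) < self.min_digits:
            found.append("min_digits")
        if sum(c.isupper() for c in password) < self.min_uppercase:
            found.append("min_uppercase")
        return found

    def describe(self) -> str:
        """JSON a client could fetch to display the rules before submission."""
        return json.dumps(asdict(self), sort_keys=True)


# The rule as stated in the ticket: 8+ characters, 2 digits, 2 upper-case letters.
CURRENT = PasswordPolicy(min_length=8, min_digits=2, min_uppercase=2)
# The alternative floated in the ticket: raise the length, drop composition rules.
LENGTH_ONLY = PasswordPolicy(min_length=12)

# Constructed sample passwords, not taken from any real system.
SAMPLES = ["PAssword12", "correct horse battery staple", "hunter2"]


def compare(samples: List[str]) -> Dict[str, Dict[str, List[str]]]:
    """Evaluate each sample under both policies; an empty list means accepted."""
    return {
        pw: {"current": CURRENT.violations(pw),
             "length_only": LENGTH_ONLY.violations(pw)}
        for pw in samples
    }


if __name__ == "__main__":
    print(CURRENT.describe())
    for pw, result in compare(SAMPLES).items():
        print(repr(pw), result)
```

Returning violation codes rather than a single boolean lets the server stay the only place the rule is enforced while the client shows which requirement failed.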