[Libreoffice-ux-advise] [Bug 157518] Improve password security UX

[bugzilla-daemon at bugs.documentfoundation.org]

https://bugs.documentfoundation.org/show_bug.cgi?id=157518

--- Comment #2 from jan d <d_jan at ymail.com> ---
TL;DR: Implement strength meter based on existing code, do not use rules,
consider further improvements.

1. PRO: strength-meter 1) There will be existing and reviewed code for it 2) It
is not dependent on single rules 3) it is a self-contained component, its only
dependency being the password-entry field and minor translation.
2. AGAINST (for now): rules. They need a lot of text and can not capture well
how password (cracking) work. Lets say your rules say "special characters":
Nice, but several randomly chosen words ("passphrase") might be better, leading
to adding 1! to the phrase etc. 
3. OPTIONAL/Addition: have an "unmask password" icon. While attackers might
look over your shoulder, far more often they don’t, and it adds some comfort
when typing more complex passwords or finding a problem with them. 
4. OPTIONAL/Addition: Remove hint for case sensitivity. There are many things
to be hinted at, but if we do not know we absolutely need it: It takes away
attention from more important things.
5. OPTIONAL/Addition: If we feel we need to instruct people about
more-than-absolute-essentials here: Lets link to a help page. 
6. AGAINST (for now): Configuring a password policy, since it would lead to
needed an additional implementation to configure it, ideally via a org-wide
policy etc. Also, see problems with rules at 2.

-- 
You are receiving this mail because:
You are on the CC list for the bug.