Comments (6)

peternied commented on July 24, 2024 1

I'm not sure if we have precedent for this kind of scenario, but approach 1 seems like a good candidate.

If you need another alternative, consider adding a parameter to the password setting API such as a 'dry-run' flag. Then you can reuse whatever error comes from the backend system to populate the front end ❌, or a ✔️

from security-dashboards-plugin.

derek-ho commented on July 24, 2024

Two possible ways we can solve this: as @cwperks pointed out, rule/regex-based regex seems to be at odds, or at least not 1:1, with library-based password scoring.

Approach 1 (my vote):
Step 1: Don't allow users to create users with passwords that violate the regex rule specified in the config file
Step 2: Try to use https://github.com/dropbox/zxcvbn (or similar) to match the UI with what the backend would return for the strength of a given password

We will still allow users to try and send passwords that pass UI/frontend checks, but the backend will make the final call on whether that user's password strength is strong enough to allow for creation.

Approach 2:
Step 1: Allow users to set whether they want to use regex-based password creation or strength-based password creation
Step 2: Modify the backend to only use the library if the user selected strength-based password creation, otherwise just check with the validation regex from the config
Step 3: Match the UI with whatever the user config is

scrawfor99 commented on July 24, 2024

[Triage] @derek-ho thank you for filing this issue. Going to tag UX/UI, and assign this issue to you ;)

kamingleung commented on July 24, 2024

In general, strong/weak indicators alone are rather ambiguous. We should provide upfront guidance on how to make passwords strong, eliminating any guesswork for our users.

As users are typing in their passwords, I would consider specifically listing out which password criteria users are missing, so that users have a clear, actionable path.

kamingleung commented on July 24, 2024

@derek-ho

> Two possible ways we can solve this, as @cwperks pointed out, rule/regex based regex seems to be at odds, or at least not 1:1 with library based password scoring.

Is there an issue that gives full context behind why we need a password strength UI? What did @cwperks point out? Thanks.
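
Added example, not part of the thread or the plugin's code: a front-end sketch of Approach 1 combined with the per-criterion feedback suggested above, showing how a regex rule and a strength score can disagree on the same password. The rule, the criteria, `MIN_SCORE`, `checkPassword` and `standInScorer` are all assumptions made for illustration; in a browser the scorer argument could be zxcvbn itself, which returns an object with a `score` from 0 to 4.

```javascript
// Constructed sample rule; in the plugin the regex would come from the config file.
const VALIDATION_REGEX =
  /^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[^A-Za-z0-9]).{8,}$/;

// Per-criterion view of the same rule, so the UI can name what is missing
// instead of showing only a pass/fail mark.
const CRITERIA = [
  { label: "at least 8 characters", test: (p) => p.length >= 8 },
  { label: "a lowercase letter", test: (p) => /[a-z]/.test(p) },
  { label: "an uppercase letter", test: (p) => /[A-Z]/.test(p) },
  { label: "a digit", test: (p) => /\d/.test(p) },
  { label: "a special character", test: (p) => /[^A-Za-z0-9]/.test(p) },
];

const MIN_SCORE = 3; // assumed threshold on a 0-4 scale

// Stand-in estimator so the example runs offline. It is NOT zxcvbn's
// algorithm: it zeroes passwords containing a few well-known strings and
// otherwise scores by the number of distinct characters.
function standInScorer(password) {
  const common = ["password", "qwerty", "admin", "letmein", "123456"];
  const lower = password.toLowerCase();
  if (common.some((w) => lower.includes(w))) return { score: 0 };
  return { score: Math.min(4, Math.floor(new Set(lower).size / 4)) };
}

// Step 1: regex rule. Step 2: strength score. Both results are returned so
// the UI can explain a rejection. The result is advisory only: the backend
// repeats the checks and makes the final call.
function checkPassword(password, scorer = standInScorer) {
  const missing = CRITERIA.filter((c) => !c.test(password)).map((c) => c.label);
  const passesRule = VALIDATION_REGEX.test(password);
  const { score } = scorer(password);
  return { passesRule, missing, score, canSubmit: passesRule && score >= MIN_SCORE };
}

// Constructed inputs showing the two checks are not 1:1.
for (const pw of ["Password1!", "correct horse battery staple", "Tr0ub4dor&3x!Qz"]) {
  console.log(pw, checkPassword(pw));
}
```
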
