https://bugs.documentfoundation.org/show_bug.cgi?id=157518
--- Comment #2 from jan d <[email protected]> --- TL;DR: Implement strength meter based on existing code, do not use rules, consider further improvements. 1. PRO: strength-meter 1) There will be existing and reviewed code for it 2) It is not dependent on single rules 3) it is a self-contained component, its only dependency being the password-entry field and minor translation. 2. AGAINST (for now): rules. They need a lot of text and can not capture well how password (cracking) work. Lets say your rules say "special characters": Nice, but several randomly chosen words ("passphrase") might be better, leading to adding 1! to the phrase etc. 3. OPTIONAL/Addition: have an "unmask password" icon. While attackers might look over your shoulder, far more often they don’t, and it adds some comfort when typing more complex passwords or finding a problem with them. 4. OPTIONAL/Addition: Remove hint for case sensitivity. There are many things to be hinted at, but if we do not know we absolutely need it: It takes away attention from more important things. 5. OPTIONAL/Addition: If we feel we need to instruct people about more-than-absolute-essentials here: Lets link to a help page. 6. AGAINST (for now): Configuring a password policy, since it would lead to needed an additional implementation to configure it, ideally via a org-wide policy etc. Also, see problems with rules at 2. -- You are receiving this mail because: You are the assignee for the bug.
