On Jan 10, 2014, at 7:39 AM, Ryan Feeley <[email protected]> wrote:
> Do think we can fit this in? It looks pretty great. > Let's consider it for Fx30+ :) > On Jan 9, 2014, at 3:00 PM, Chris Karlof <[email protected]> wrote: > >> This one is a little better than average, though, :) >> >> https://tech.dropbox.com/2012/04/zxcvbn-realistic-password-strength-estimation/ >> >> -chris >> >> >> On Jan 8, 2014, at 3:51 PM, Chris Karlof <[email protected]> wrote: >> >>> Hi Madhava, >>> >>> I'm not keen on password strength estimators. Two reasons: >>> >>> 1) It's not clear how they should work. There's a lot of debate of what >>> qualifies as a "strong password". and many strength estimators often do >>> silly things like say "password0" is weak but "password9" is strong. >>> 2) They add UX noise for unknown benefit. Plus a believer that if a user >>> really wants a weak password for whatever reason [1], we shouldn't shame >>> them with a big red indicator or frowny face. >>> >>> There are some things I think we should do: >>> 1) Require a minimum length (8 char?) >>> 2) Provide guidance for users who would like to know how to choose a >>> stronger password >>> 3) Throttle bad password guesses >>> >>> Another interesting idea is to disallow users from using passwords on a >>> "naughty list", e.g., a list of the X hundred or thousand most common >>> passwords. This combined with throttling can be quite effective. >>> >>> -chris >>> >>> [1] hey, how often do you sign up for a service you don't care about much >>> or just wanna try out and give it some garbage password? >>> >>> _______________________________________________ >>> Dev-fxacct mailing list >>> [email protected] >>> https://mail.mozilla.org/listinfo/dev-fxacct >> >> _______________________________________________ >> Dev-fxacct mailing list >> [email protected] >> https://mail.mozilla.org/listinfo/dev-fxacct > > Ryan Feeley > Product Designer, Identity > Mozilla UX > IRC: rfeeley >
_______________________________________________ Sync-dev mailing list [email protected] https://mail.mozilla.org/listinfo/sync-dev
