View Issue Details

IDProjectCategoryView StatusLast Update
0000445Main CAcert Websiteaccount administrationpublic2007-06-25 07:46
Reporterjradel Assigned To 
Status confirmedResolutionopen 
Summary0000445: password strength checker doesn't supply sufficient detail when rejecting passwords
DescriptionAs an example, it is unclear why


is rejected when the message is

"The Pass Phrase you submitted failed to contain enough differing
characters and/or contained words from your name and/or email address.
Only scored -1 points out of 6."

The user name for this attempt was "Testy User" and email address "". So presumably, the complaint is that there are only 14 different characters in this 16 character long password. It has every class of character mentioned in your suggestion other than white space. It supposedly got an extra point for being over 15 characters. It doesn't meet any of the criteria for loosing points other than that "A" is an English word. Yet it gets -1 points.

While requiring strong passwords is laudable, making the process so opaque that lots of people feel a need to complain bitterly before they wander off again probably doesn't actually further CACert's goals.
TagsNo tags attached.
Reviewed by
Test Instructions


related to 0000433 closedINOPIAE The example password can be used on registration 


There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2007-06-25 07:40 jradel New Issue
2007-06-25 07:44 evaldo Relationship added related to 0000433
2007-06-25 07:46 evaldo Priority normal => high
2007-06-25 07:46 evaldo Status new => confirmed
2007-06-25 07:46 evaldo Projection none => minor fix