View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0000445||Main CAcert Website||account administration||public||2007-06-25 07:40||2007-06-25 07:46|
|Summary||0000445: password strength checker doesn't supply sufficient detail when rejecting passwords|
|Description||As an example, it is unclear why |
is rejected when the message is
"The Pass Phrase you submitted failed to contain enough differing
characters and/or contained words from your name and/or email address.
Only scored -1 points out of 6."
The user name for this attempt was "Testy User" and email address "firstname.lastname@example.org". So presumably, the complaint is that there are only 14 different characters in this 16 character long password. It has every class of character mentioned in your suggestion other than white space. It supposedly got an extra point for being over 15 characters. It doesn't meet any of the criteria for loosing points other than that "A" is an English word. Yet it gets -1 points.
While requiring strong passwords is laudable, making the process so opaque that lots of people feel a need to complain bitterly before they wander off again probably doesn't actually further CACert's goals.
|Tags||No tags attached.|