You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The reason will be displayed to describe this comment to others. Learn more.
It may not be too important, but it's worth mentioning that neither the old or the new regex actually works as described.
With these, this is a valid password: 123Ab
but this is not valid: 123=Ab
Because it is checking for specific instances of characters. A UUID (by definition) is pretty unique and a reasonable password, but is denied by this check, so this password isn't valid: 3BA00E8E-3840-4AE4-A46A-6F30215D5092
I'd suggest just checking for a minimum length and warning the user to pick something good.
The reason will be displayed to describe this comment to others. Learn more.
@matphillips I just does not check for either - or = and really wants lower-case in UUID. What about dropping regexp completely and just present user with generated password? Via something like this
The reason will be displayed to describe this comment to others. Learn more.
Providing a good password automatically is a good solution, many people will just use the "save password" feature of the browser anyway.
I'm just being a bit picky because I ran against a similar problem with a commercial software recently :)
ad62352There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It may not be too important, but it's worth mentioning that neither the old or the new regex actually works as described.
With these, this is a valid password: 123Ab
but this is not valid: 123=Ab
Because it is checking for specific instances of characters. A UUID (by definition) is pretty unique and a reasonable password, but is denied by this check, so this password isn't valid: 3BA00E8E-3840-4AE4-A46A-6F30215D5092
I'd suggest just checking for a minimum length and warning the user to pick something good.
ad62352There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@matphillips I just does not check for either - or = and really wants lower-case in UUID. What about dropping regexp completely and just present user with generated password? Via something like this
ad62352There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Providing a good password automatically is a good solution, many people will just use the "save password" feature of the browser anyway.
I'm just being a bit picky because I ran against a similar problem with a commercial software recently :)