Question

Posted

Editing account/contact, there’s a great function “generate password”, but the input type is “password”, so if I click on the link "generate password" I can generate a new "secure" password...


 


... so secure that I can’t see it!!


 


;)



13 answers to this question


  • 0
Posted

Originally it was not a password field, which meant you could see the generated password. Admittedly, it is now less useful. We created CORE-552 to create a modal box where the password will be generated and displayed, then saved to the form as is now.

  • 0
Posted

Also add a password score, with a required score of 50+, otherwise a basic password (e.g. 123456) is not accepted, because this is for customer domains and hosting.

 

 

Thank you

 

Attributing a "score" to passwords would be arbitrary, unless you have specific requirements that dictate how such a score could be constructed? Passwords may need to conform to different guidelines depending on where they are used and what they help to protect. I wouldn't want someone to think that an arbitrary score of "100" somehow makes a password secure.

  • 0
Posted

Attributing a "score" to passwords would be arbitrary, unless you have specific requirements that dictate how such a score could be constructed? Passwords may need to conform to different guidelines depending on where they are used and what they help to protect. I wouldn't want someone to think that an arbitrary score of "100" somehow makes a password secure.

 

Scores for passwords in applications are generally derived by meeting certain criteria; most often JavaScript is used to determine this "on the fly". For example: https://tech.dropbox.com/2012/04/zxcvbn-realistic-password-strength-estimation/

 

Sure it's somewhat arbitrary, but creating secure passwords really isn't hard so having an arbitrary meter to help guide people would be very useful.

  • 0
Posted

The problem with using an arbitrary password score in Blesta is that each password field would need to define its own requirements and its own algorithm for calculating scores since the passwords Blesta accepts range from Blesta account passwords to cPanel account passwords and more, and each system has different requirements. For example, if cPanel only allows up to 12 character passwords, and Blesta only allows 13+ characters to be scored at 100, it gives the false impression that there is more to be gained.

 

Personally, I don't think a password score is necessary. I think it would be more beneficial to show whether the password conforms to its given password requirements, and then the requirements can be set to whatever you would determine a score of 100 to be.

  • 0
Posted

The problem with using an arbitrary password score in Blesta is that each password field would need to define its own requirements and its own algorithm for calculating scores since the passwords Blesta accepts range from Blesta account passwords to cPanel account passwords and more, and each system has different requirements. For example, if cPanel only allows up to 12 character passwords, and Blesta only allows 13+ characters to be scored at 100, it gives the false impression that there is more to be gained.

 

Personally, I don't think a password score is necessary. I think it would be more beneficial to show whether the password conforms to its given password requirements, and then the requirements can be set to whatever you would determine a score of 100 to be.

 

Fair enough.  Technically speaking that makes good sense.

 

A password requirement criteria would be just as good if not better. All I'm looking to do is force people's "password123" passwords into something a bit better. Whether it's by means of an arbitrary score or set of requirements I don't really care as long as it's user-friendly. Perhaps with this criteria ruleset instead of a score, a JavaScript list of requirements that'd "tick" when the requirement was met would be nice.

  • 0
Posted

Password scores can be useful to end-users by simply making them think about their password selection. If they want to choose something we arbitrarily deem as "poor" security-wise, then at least they are making a conscious decision about it. It may nudge people into creating a better password, and save us the headache of a breached account.

 

In terms of arbitrary, the link Jonathan posted -- https://tech.dropbox.com/2012/04/zxcvbn-realistic-password-strength-estimation/ probably best fits with our understanding of secure passwords. Length is better than special characters, and passwords that are difficult for computers to guess but easy for people to remember.

 

Worth considering.
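
The per-field requirements checklist discussed in this thread, sketched as an added example (not part of the original posts and not Blesta's code). The field names, rule limits and the small denylist are assumptions made for illustration; the 12-character cap mirrors the hypothetical cPanel limit mentioned above.

```javascript
// Added example: each password field declares its own requirements, and the
// checker reports which ones are met so a UI can "tick" them off.
// All names and limits here are hypothetical.

// Constructed sample denylist, seeded with the weak passwords named in the thread.
const COMMON = new Set(["123456", "password", "password123", "qwerty"]);

const rule = (label, test) => ({ label, test });
// Count code points rather than UTF-16 units so non-BMP characters count once.
const len = (p) => [...p].length;
const minLen = (n) => rule(`at least ${n} characters`, (p) => len(p) >= n);
const maxLen = (n) => rule(`at most ${n} characters`, (p) => len(p) <= n);
const notCommon = rule("not a commonly used password",
  (p) => !COMMON.has(p.toLowerCase()));
const classes = (n) => rule(`at least ${n} of: lower, upper, digit, symbol`,
  (p) => [/[a-z]/, /[A-Z]/, /[0-9]/, /[^A-Za-z0-9]/]
    .filter((re) => re.test(p)).length >= n);

// One rule set per field: a length-capped hosting field is never judged by
// the rules of a long-passphrase account field.
const FIELD_RULES = {
  account: [minLen(13), notCommon],
  hosting: [minLen(8), maxLen(12), classes(3), notCommon],
};

// Returns { ok, checklist } where checklist is [{ label, met }, ...].
function checkPassword(field, password) {
  const rules = FIELD_RULES[field];
  if (!rules) throw new Error(`no requirements defined for field "${field}"`);
  const checklist = rules.map(({ label, test }) => ({ label, met: test(password) }));
  return { ok: checklist.every((c) => c.met), checklist };
}

// Labels of the requirements that are still unmet, for display next to the field.
function unmet(field, password) {
  return checkPassword(field, password).checklist
    .filter((c) => !c.met).map((c) => c.label);
}
```

The same check has to run server-side when the form is submitted, since a browser-side checklist only guides the user and does not enforce anything.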
