Open
Bug 1401562
Opened 8 years ago
Updated 4 years ago
Password meeting stated policy is not accepted
Categories
(bugzilla.mozilla.org :: General, defect)
NEW
People
(Reporter: truber, Unassigned)
Attachments
(1 file: 258.46 KB, image/png)
With the recent change to bmo password policy, I was prompted to change my password to comply. The reason given is: "not enough different characters or classes". My old password did comply with the policy as stated:
- exactly 12 characters long
- contained uppercase letters, lowercase letters, numbers, and symbols
I've attached a screenshot of the error message, which is incorrect.
Apologies if this is a bmo configuration issue and not a bugzilla issue.
Comment 1•8 years ago
Yep, it's bmo-specific.
Assignee: user-accounts → nobody
Component: User Accounts → General
Product: Bugzilla → bugzilla.mozilla.org
QA Contact: default-qa
Version: unspecified → Production
Comment 2•8 years ago
I think "not enough different characters or classes" means either:
1. password does not have enough different *characters*
2. password does not have enough different *character classes*
Any idea on how to better codify this in the description?
Flags: needinfo?(gdestuynder)
Flags: needinfo?(ehumphries)
Comment 3•8 years ago
:dylan - yes, this is the string it outputs when there are repeated characters as well. I believe this comes from the library though it could be more informative.
Example:
> pwqcheck -1 min=disabled,disabled,12,12,12 max=9999
> $$$111testte^D
> Bad passphrase (not enough different characters or classes)
Counter-example:
> pwqcheck -1 min=disabled,disabled,12,12,12 max=9999
> $1tkofmzxkdje
> OK
Would recommend passphrase to avoid this though
Flags: needinfo?(gdestuynder)
Reporter
Comment 5•8 years ago
fwiw pwqcheck returns OK for my old password using the above command.
:truber - sorry this was just a demo of what the library outputs for what issue. Bugzilla uses slightly different parameters, if you want to check locally.
I believe it uses the equivalent to this (though, :dylan would know exactly):
> pwqcheck -1 min=disabled,disabled,12,12,12 max=9999 match=6 passphrase=4 similar=deny
Discussed with :kang.
Flags: needinfo?(ehumphries)
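An added example, not part of the bug thread or of Bugzilla's code: a shell helper that runs one candidate through both `pwqcheck` parameter sets quoted in the comments above and reports which of them rejects it. The function names and the `PWQCHECK` override variable are assumptions of this example, and the second parameter set is only what the commenter believes BMO uses.

```shell
#!/bin/sh
# Added example. Parameter strings are copied from the comments above;
# POLICY_BMO is the commenter's belief about BMO, not a confirmed setting.
POLICY_DEMO='min=disabled,disabled,12,12,12 max=9999'
POLICY_BMO='min=disabled,disabled,12,12,12 max=9999 match=6 passphrase=4 similar=deny'

# Assumption of this example: PWQCHECK may name another binary or a test stub.
: "${PWQCHECK:=pwqcheck}"

# check_policy LABEL PARAMS CANDIDATE
# Sends the candidate on stdin (pwqcheck -1 reads one line), so it is never
# placed on pwqcheck's command line. Prints "LABEL: <verdict>" and returns
# pwqcheck's exit status (0 = accepted).
check_policy() {
    cp_label=$1 cp_params=$2 cp_candidate=$3
    # $cp_params is deliberately unquoted so it splits into separate arguments.
    cp_verdict=$(printf '%s\n' "$cp_candidate" | "$PWQCHECK" -1 $cp_params 2>&1) \
        && cp_status=0 || cp_status=$?
    printf '%s: %s\n' "$cp_label" "$cp_verdict"
    return "$cp_status"
}

# compare_policies CANDIDATE
# 0 = both sets accept
# 1 = only the stricter BMO-like set rejects (what the reporter describes)
# 2 = the demo set already rejects
compare_policies() {
    if ! check_policy demo "$POLICY_DEMO" "$1"; then return 2; fi
    if ! check_policy bmo-like "$POLICY_BMO" "$1"; then return 1; fi
    return 0
}

# prompt_and_compare
# Reads the candidate without echo, keeping it out of shell history.
prompt_and_compare() {
    printf 'Candidate: ' >&2
    stty -echo
    IFS= read -r pc_candidate
    stty echo
    printf '\n' >&2
    compare_policies "$pc_candidate"
}
```

Source the file and call `prompt_and_compare`; a return status of 1 means the candidate passes the parameters shown in the demo but fails once `match=6 passphrase=4 similar=deny` are added.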
Comment 8•8 years ago
The password policy as stated on the password change page is still incorrect (or if you prefer: incomplete).
I had to type my old password about 10 times and think about a new password variant 10 times as well until I found something the page would accept.
This was the worst user experience I had on any website for a long long time.
Same issue for me. Password exactly 12 characters long, also tried with 13 characters. Contains uppercase, lowercase, symbols, numbers, and has no repetition whatsoever. Except for one character that was used twice (with another character in between, so no immediate repetition). Got the same error. In the end I had to resort to a passphrase.