Closed Bug 959794 Opened 6 years ago Closed 6 years ago

Validate password length


(Firefox for Android :: Android Sync, defect)

Not set



Tracking Status
firefox29 --- verified


(Reporter: pdehaan, Unassigned)


(Blocks 1 open bug)


(Whiteboard: [qa+])


(1 file)

Steps to reproduce:
1. Download and install
2. Goto (Android) Settings > Accounts > Add account > Firefox Account
3. Enter a valid email address format (
4. Enter a short password "ab".
5. Click the Create Account button.

Actual results:
Account is seemingly created with an invalid password length.

Expected results:
We should validate password length locally before sending to server and display a solid error message.
Chris, is there a defined minimum password length for FxA?
Flags: needinfo?(ckarlof)
OS: Mac OS X → Android
Hardware: x86 → All
Summary: must validate minimum password length → Validate password length
8 character minimum. No additional restrictions.
Flags: needinfo?(ckarlof)
Should be fixed by Bug 951304.  QA verification appreciated.

On create, the button should be disabled until the password is >= 8 characters long.  When signing in, the button should be disabled until the password is >= 1 character long.  This choice was made because the mocks I have don't show text about password length on sign in, and it's very strange to not have the button enabled immediately.
Closed: 6 years ago
Resolution: --- → FIXED
Flags: in-moztrap?(fennec)
Keywords: verifyme
QA Contact: aaron.train
I thought we also had a 64 char max limit?
"No additional restrictions." -- does that mean no max length?
Flags: needinfo?(ckarlof)
Keywords: verifyme
(In reply to Richard Newman [:rnewman] from comment #6)
> "No additional restrictions." -- does that mean no max length?

We could consider doing that, but we send over a fixed length hash of the password to the FxA auth server, so there aren't DOS issues related to long passwords.

I don't see much upside in a max password length restriction at this point, other than preventing the user from creating a bad UX for themselves by choosing a 1000 char password.
Flags: needinfo?(ckarlof)
Product: Android Background Services → Firefox for Android
You need to log in before you can comment on or make changes to this bug.