Closed Bug 959794 Opened 6 years ago Closed 6 years ago
Validate password length
Steps to reproduce:
1. Download and install http://email@example.com/try-android/
2. Go to (Android) Settings > Accounts > Add account > Firefox Account
3. Enter a valid email address format (firstname.lastname@example.org)
4. Enter a short password "ab".
5. Click the Create Account button.

Actual results: Account is seemingly created with an invalid password length.

Expected results: We should validate password length locally before sending to server and display a solid error message.
Chris, is there a defined minimum password length for FxA?
OS: Mac OS X → Android
Hardware: x86 → All
Summary: must validate minimum password length → Validate password length
8 character minimum. No additional restrictions.
Tracking issue for FxA for the Web: https://github.com/mozilla/fxa-content-server/issues/110
Should be fixed by Bug 951304. QA verification appreciated. On create, the button should be disabled until the password is >= 8 characters long. When signing in, the button should be disabled until the password is >= 1 character long. This choice was made because the mocks I have don't show text about password length on sign in, and it's very strange to not have the button enabled immediately.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
QA Contact: aaron.train
I thought we also had a 64 char max limit?
"No additional restrictions." -- does that mean no max length?
(In reply to Richard Newman [:rnewman] from comment #6)
> "No additional restrictions." -- does that mean no max length?

We could consider doing that, but we send over a fixed length hash of the password to the FxA auth server, so there aren't DOS issues related to long passwords. I don't see much upside in a max password length restriction at this point, other than preventing the user from creating a bad UX for themselves by choosing a 1000 char password.
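The rules discussed in this thread (8-character minimum on create, 1 on sign-in, no maximum because only a fixed-length hash is sent), as an added example that is not code from the Firefox Accounts client or server. The function names, the salt, the iteration count and the use of PBKDF2-HMAC-SHA256 are assumptions chosen for illustration.

```javascript
// Added illustration; not code from the Firefox Accounts client or server.
const crypto = require('crypto');

// Minimums stated in the bug: 8 characters on create, 1 on sign-in, no maximum.
const MIN_LENGTH = { create: 8, signin: 1 };

// Assumption: length is counted in UTF-16 code units (String.length).
function isSubmitEnabled(mode, password) {
  const min = MIN_LENGTH[mode];
  if (min === undefined) throw new Error('unknown mode: ' + mode);
  return typeof password === 'string' && password.length >= min;
}

// Assumption: PBKDF2-HMAC-SHA256 with a constructed salt and iteration count
// stands in for whatever stretching the real client performs.
const ITERATIONS = 1000;
const HASH_BYTES = 32;

function deriveAuthHash(email, password) {
  const salt = Buffer.from('example-salt:' + email, 'utf8');
  return crypto.pbkdf2Sync(Buffer.from(password, 'utf8'), salt,
                           ITERATIONS, HASH_BYTES, 'sha256');
}

// Build the body a client would send; null means the button stays disabled.
function buildRequest(mode, email, password) {
  if (!isSubmitEnabled(mode, password)) return null;
  const authHash = deriveAuthHash(email, password).toString('hex');
  return JSON.stringify({ email, authHash });
}

// Constructed sample input: the request size is the same for a 13-character
// and a 1000-character password, so the server never sees the long input.
function demo() {
  const email = 'user@example.org';
  const short = buildRequest('create', email, 'ab');
  const normal = buildRequest('create', email, 'correct horse');
  const huge = buildRequest('create', email, 'x'.repeat(1000));
  return { short, normalBytes: normal.length, hugeBytes: huge.length };
}

console.log(demo());
```

The local length check only improves the error the user sees; the server still has to enforce its own policy on whatever it receives.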