View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0005252 | Composr | core_form_interfaces | public | 2023-01-21 18:43 | 2023-02-09 22:01 |
| Reporter | Patrick Schmalstig | Assigned To | |||
| Severity | Feature-request | ||||
| Status | non-assigned | Resolution | open | ||
| Product Version | |||||
| Fixed in Version | |||||
| Summary | 0005252: Password fields: Have button allowing to auto-generate a password | ||||
| Description | For password fields, incorporate a button that allows the automatic generation of a password (displayed probably in a JavaScript message with a text field for easy copying). This should be easy to do now that we have crypt.php's get_secure_random_password() which also ensures (if strength is passed as null) the generated password meets the site's password requirements on length and strength. I think this would be a very helpful tool especially on sites that use a higher strength requirement to help alleviate the inconvenience of users choosing their own compliant passwords. | ||||
| Tags | Type: Security | ||||
| Time estimation (hours) | 2.5 | ||||
| Sponsorship open | |||||
|
|
I'm skeptical about this: shouldn't this just be a browser feature? I use Bitwarden which can do this and I do it regularly. Seems weird for each website to implement its own password generator when the sites have no way of telling the browser/password-manager to save it. |
|
|
I see your point. The idea was that the password generator would guarantee the generated password meets the configured minimum requirements for length and strength on the site, especially since our strength calculator uses a custom algorithm. This is not something that can easily be done on the password manager since we check for more than just length and use of specific character groups (we also check for dictionary words, repeating characters, use of usernames/emails/dob in the password, etc). Most password managers that I am aware of will prompt / allow you to save credentials upon login and sometimes even upon saving a new password. |
|
|
That makes sense. |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2023-01-21 18:43 | Patrick Schmalstig | New Issue | |
| 2023-02-09 18:39 | Chris Graham | Note Added: 0007893 | |
| 2023-02-09 18:40 | Chris Graham | Time estimation (hours) | 1 => 2.5 |
| 2023-02-09 21:26 | Patrick Schmalstig | Note Added: 0007896 | |
| 2023-02-09 21:27 | Patrick Schmalstig | Note Edited: 0007896 | View Revisions |
| 2023-02-09 21:35 | Patrick Schmalstig | Note Edited: 0007896 | View Revisions |
| 2023-02-09 22:01 | Chris Graham | Tag Attached: Type: Security | |
| 2023-02-09 22:01 | Chris Graham | Note Added: 0007897 |
