[4] Password Symbols #41552
Comments
|
i do remember a conversation about this - searching for a link |
|
found what I was thinking of but dont think it is relevant - sorry #29445 |
|
media/system/js/fields/passwordstrength.js is a 3rd party script - https://github.com/tkjaergaard/Password-Strength - that unfortunately has not been updated for some time. Addressing this issue would then either require us to rewrite the script as a native Joomla script, or update this one with an improved special characters check. To do the latter, and after consulting our future overlord ChatGPT about special characters in passwords, it suggested the following characters to avoid: Ambiguous Characters: with the following characters recommended: !@#$%^&*()_+\-=\[\]{};':"\\|,.<>\/?~A possible update to the regular expression check could then be: score += this.constructor.calc(value, /[!@#$%^&*()_+\-=\[\]{};':"\\|,.<>\/?~]/g, this.special, mods); |
|
why would you avoid characters because they look like others. you should never be reading it anyway |
I suppose this would be for passwords that people pick to remember and perhaps store in a hand-written or other text format. Using an ambiguous character would more likely lead them to make a mistake when entering in the password. |
|
Please test #43484 |
|
closed as we have a PR |
Steps to reproduce the issue
Set the User Options Password Minimum Symbols to 1
Expected result
Symbols should be anything not a character or number.
Actual result
The following symbols do not count as symbols: @[]£^+±~<>/'",.
System information (as much as possible)
Firefox on Mac Joomla 4.3.4 and 5.0-dev
Additional comments
I think this is the line to look at in media/system/js/fields/passwordstrenght.js
It seems hard to believe this has gone unnoticed for so long. Is it me at fault?
The text was updated successfully, but these errors were encountered: