Inline Email and password validation

[davismtl]

During Sync Fest we observed that during registration we only validate the email format and that the 2 password fields match on form submit.

This causes the browser to offer saving a potentially wrong email or password.

The user then needs to make the changes and submit again.

Let's do validation on blur so that users can fix problems immediately.

I don't think it's necessary to A/B test this but if we prefer to then we can create a lightweight feature doc.

[davismtl]

CC @ryanfeeley

[MynahMarie]

@vladikoff Can I work on this as part of my Outreachy contribution?

[vladikoff]

@MynahMarie this bug is a bit complex. Here's a simpler one to get started first: #5354 (comment)

[hritvi]

Hey, @davismtl @vladikoff. Can I work on this issue? Thanks!

[vladikoff]

@hritvi this one is complex, let's skip it

[davismtl]

@hritvi , @vladikoff is correct. We are writing a full spec for this one as a part of better aligning with NIST requirements:
https://pages.nist.gov/800-63-3/sp800-63b.html (section 5)

[davismtl]

To provide additional clarification to the last comment, @vladikoff I am not opposed to resolving this issue before getting NIST style password validation. The basic functionality requested in this bug is a basic we should do which will most certainly help registration and login rates.

[shane-tomlinson]

With the password strength experiment, we do inline validation of the password. Closing. If we want to do email at a later date, let's open a new bug.