Calculate entropy of new account password, instead of asking for certain characters #6
Comments
Hello, thanks for reporting a bug. Password strength policies are applied to prevent users from using insecure passwords. If I remove them, then users would be able to use insecure passwords. One of the main goals of Passky is to be unbloated and easy to use. It would require a lot of unnecessary lines of code to calculate good entropy. It's much more secure for the user to use numbers, special characters and upper case characters than the passphrase "password password password password password", as an example. You can use passphrases without any spaces and put a number and special characters at the end, so the password would comply with policies. It would also be better to use only the first 2 or last 2 characters of every word in the passphrase for a password, as you would create a strong password that won't be included in any wordlist or English dictionary. Example: I will close this issue, but if you have any comments, feel free to open it again.
@zigazajc007 I understand for the unbloated part and the fact that calculating entropy might be tedious or overkill, but I would like to stress that What it means is that if we could use a passphrase, we could use Now, maybe we could find a middle ground, like adding a rule saying that the password should at least contain two different character types, and be long enough — say, 16 or 20 characters long?
Thanks, you can expect a change in password strength policy in the next update.
Passky Server has just been updated to v6.1.0. This version has a simple web page that would show you some info on how to use Passky, and it would also report an error or a warning to you if one is found. Example: https://eu1.passky.org Now I will be able to start working on Passky Clients. Thanks again for your patience.
I have made a simple JS library for calculating Password Entropy. Currently I have set 80 bits as the minimum. If anyone has other suggestions, feel free to provide them.
Issue closed because it has been implemented in v8.0.0
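The three policies discussed in this thread (the composition rule, the proposed rule of two character types plus length, and the 80-bit entropy minimum), compared side by side as an added example that is not Passky's code or its entropy library. The pool sizes, the repeated-word heuristic and the sample passwords are assumptions constructed for illustration.

```javascript
// Added example, not Passky's library. Pool sizes are assumptions (ASCII only).
const CLASSES = [
  { name: "lower", re: /[a-z]/, size: 26 },
  { name: "upper", re: /[A-Z]/, size: 26 },
  { name: "digit", re: /[0-9]/, size: 10 },
  { name: "special", re: /[^a-zA-Z0-9]/, size: 33 }, // 32 symbols + space
];
const classesIn = (pw) => CLASSES.filter((c) => c.re.test(pw));

// Upper bound: assumes every character is drawn uniformly from the pool.
function naiveBits(pw) {
  const pool = classesIn(pw).reduce((n, c) => n + c.size, 0);
  return pool === 0 ? 0 : pw.length * Math.log2(pool);
}

// Heuristic (assumption): a repeated word adds nothing, so score each
// distinct whitespace-separated word only once.
function dedupedBits(pw) {
  const words = [...new Set(pw.split(/\s+/).filter(Boolean))];
  return naiveBits(words.join(" "));
}

// Policy 1: composition rule as described in the thread.
const compositionRule = (pw) =>
  ["upper", "digit", "special"].every((n) => classesIn(pw).some((c) => c.name === n));
// Policy 2: the proposed middle ground (two character types, 16+ characters).
const middleGround = (pw) => classesIn(pw).length >= 2 && pw.length >= 16;
// Policy 3: entropy threshold, using the 80-bit minimum from the thread.
const entropyRule = (pw, minBits = 80) => dedupedBits(pw) >= minBits;

function evaluate(pw) {
  return {
    composition: compositionRule(pw),
    middleGround: middleGround(pw),
    entropy: entropyRule(pw),
    bits: Math.round(dedupedBits(pw)),
  };
}

// Constructed sample inputs.
for (const pw of [
  "Passw0rd!",
  "password password password password password",
  "maple anchor violet thunder pickle orbit",
]) {
  console.log(JSON.stringify(pw), evaluate(pw));
}
```

The middle-ground rule accepts the repeated-word passphrase, and the raw pool estimate rates it at about 259 bits; only the deduplicated estimate rejects it.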
Describe the bug
I am trying to create an account, using a passphrase with a very high (>150 bits) entropy. Passky rejects my passphrase, because it doesn't contain any numbers or special characters.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
Being able to register with this very strong passphrase
Desktop: