add password strength indicator #15

Open
iurimatias opened this issue Mar 25, 2021 · 7 comments · May be fixed by #38

Comments

@iurimatias
Member

we need designs and a policy, it should have

  • indicator of how strong the password is
  • checkboxes of what criteria the current password fills
@hesterbruikman

hesterbruikman commented Mar 29, 2021

I think we need more details on the policy before design work can start. @corpetty @0kok0 Do you have references to examples or best practices for password indicators from a security point of view? E.g.

  • Lastpass distinguishes casing, 1Password does not
  • Lastpass uses blocks (going from 6 to 7 characters doesn't indicate a better password, going from 7 to 8 does), 1Password is more granular, every additional character implies a better password

Also, @iurimatias, to be crystal clear: the issue is to design an indicator only, not introducing new password requirements, correct? (Currently we have a 6 character minimum requirement)

Next step
Investigate adding biometrics

@corpetty

Update on this: I'll have policy drafted for review by Wednesday

@corpetty

status-im/status-security#11 pls review. I'll move over to a new policies directory after we agree and lock it in.

@hesterbruikman

Authentication policy in https://github.com/status-im/status-security is leading. Below are the (GUI) design requirements to serve as design input.

Design requirements

Password creation

  • Indicate password strength in color and words
    • Classification is pre-defined and follows: Very weak, Weak, So-so, Good, Great
  • Allow to check if password is compromised (TBD if this should be optional)
  • Warn if a password is compromised
  • Warn if a password is a common word
  • Offer suggestions based on the entered password. These can be one or more of the list below:
    • Add more characters
    • Combine upper case and lower case
    • Add numbers
    • Add symbols
    • Add middle numbers or symbols
  • Allow preview of the password
  • Show each character in cleartext as it is entered for a short time
  • Allow paste

Password compromised

  • Include setting to check if a password is compromised (TBD if this should be optional)
  • Warn user that password is compromised and provide entry to change password

For examples see:
www.dropbox.com (account creation)
https://bitwarden.com/password-strength/
http://www.passwordmeter.com/

cc @corpetty for corrections
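
The password-creation requirements listed in the comment above (five-level strength label, common-word warning, and suggestions drawn from the fixed list), sketched as an added example that is not part of the thread or the project's code. The bit thresholds, the 12-character length hint, the tiny word list and the name `assess` are assumptions made for illustration; the real values belong to the authentication policy.

```python
import math
import string

LABELS = ["Very weak", "Weak", "So-so", "Good", "Great"]  # classes from the design requirements
# Assumed cut-offs in estimated bits; not taken from the thread or the policy.
THRESHOLDS = [28, 36, 60, 80]
# Constructed sample; a real indicator would ship a large common-password list.
COMMON_WORDS = {"password", "qwerty", "letmein", "dragon", "monkey"}
MIN_SUGGESTED_LENGTH = 12  # assumption, not from the page


def assess(password):
    """Return (label, warnings, suggestions) for a candidate password."""
    has_lower = any(c.islower() for c in password)
    has_upper = any(c.isupper() for c in password)
    has_digit = any(c.isdigit() for c in password)
    has_symbol = any(c in string.punctuation for c in password)

    # Crude upper bound: length * log2(size of the character pool in use).
    pool = (26 * has_lower + 26 * has_upper + 10 * has_digit
            + len(string.punctuation) * has_symbol)
    bits = len(password) * math.log2(pool) if pool else 0.0
    level = sum(bits >= t for t in THRESHOLDS)

    warnings = []
    # Strip digits/symbols so "Password1!" is still recognised as a common word.
    letters_only = "".join(c for c in password if c.isalpha()).lower()
    if letters_only in COMMON_WORDS:
        warnings.append("Password is a common word")
        level = 0  # character variety does not rescue a dictionary word

    suggestions = []
    if len(password) < MIN_SUGGESTED_LENGTH:
        suggestions.append("Add more characters")
    if not (has_lower and has_upper):
        suggestions.append("Combine upper case and lower case")
    if not has_digit:
        suggestions.append("Add numbers")
    if not has_symbol:
        suggestions.append("Add symbols")
    # Digits/symbols only at the edges ("Summer2021!") are a predictable pattern.
    middle = password.strip(string.digits + string.punctuation)
    if (has_digit or has_symbol) and middle.isalpha():
        suggestions.append("Add middle numbers or symbols")
    return LABELS[level], warnings, suggestions
```

The length-times-pool estimate overrates patterned passwords, which is why the common-word check overrides the score rather than adjusting it.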

@iurimatias
Member Author

we need a design to implement this cc: @simonricoo @hesterbruikman

@hesterbruikman

Looks like we don't have capacity for this on the design side at this point. Probably best to revisit in 3 weeks when the rest of the team is back and Wallet work is underway

@John-44

John-44 commented Sep 3, 2021

This page details the requirements for a secure password. The Bitwarden password strength indicator provides a good starting point for the UX design. Important considerations include communicating to the user that they can't recover their password if they lose it, and how critical to them this password is.

Relevant discussion from Discord: 2021-09-03 15_57_52-security - Discord

@iurimatias iurimatias transferred this issue from status-im/status-desktop Nov 8, 2021
@iurimatias iurimatias linked a pull request Dec 1, 2021 that will close this issue

4 participants