Increase password requirement #13137
Comments
Thanks @ducheng0, good suggestion.
@cammellos I don't have much experience with ClojureScript, but I think it would be a great learning opportunity.
Issue Status: 1. Open 2. Started 3. Submitted 4. Done
This issue now has a funding of 400.0 DAI (400.0 USD @ $1.0/DAI) attached to it.
@ducheng0 I have created a bounty, you can apply from the link above.
Issue Status: 1. Open 2. Started 3. Submitted 4. Done
Work has been started. These users each claimed they can complete the work by 264 years, 8 months from now.
1) bongkie007 has applied to start work.
Try this password
I have 7+ years of experience in cyber security and, given an opportunity, I can help you with developing brilliant solutions to create a safe and secure authentication system. Looking forward to discussing and working on this bounty.
I can update the validation process, so that the minimum password length is 8 characters. Excluding a list of pwned passwords would require using an external service, as currently the list of pwned passwords is more than 15GB in size. Per requirements, the password should:
I already integrated strong password logic before. So it is easy for me. The new thing is emojis. But I can solve this easily too. It will only require adding a unicode variable.
I can solve the problem using a password generator I made that combines word, symbols and numbers all in one to make the password stronger than ever, and I can match this up using an authenticator. Then if a VPN is provided during the password entering period it can help to stop interception from hackers trying to gain access.
Find the code that manages the password view and update it with some simple password checking.
Write an additional piece of code to support 8 characters for password with the enhanced security of implementing a Regex.
Learn more on the Gitcoin Issue Details page.
I've tried, and I can't figure it out. Bounty is still open to anyone who wants it.
If you go here https://gitcoin.co/issue/status-im/status-react/13137/100027817, you should see a button "Express interest", and then I can approve you to start working on it. You can also ping me on our discord if you need any help.
I meant I tried looking through the codebase, can't figure out where the code I'm looking to change is. I've never used Clojure or ClojureScript prior to work on Status.
Is this bounty still open for suggestions and implementation?
Issue Status: 1. Open 2. Started 3. Submitted 4. Done
Work for 400.0 DAI (400.0 USD @ $1.0/DAI) has been submitted by: @StatusSceptre please take a look at the submitted work:
As a user
I want to have a minimum number of characters in my password enforced
So I don't mistakenly choose a weak password
Description
We should enforce (client side) a minimum of 8 characters for the password
Ideally we exclude a list of common passwords, as per original comment below, but can be done separately
Original comment
As per the DejaVu security audit that was done in 2018, we should increase the password requirements.
Here's what they said:
We should increase the limit to 8 characters, and prevent users from entering passwords with low entropy such as "000000" or "querty". Right now, there's 56 billion possible combinations if the user is using a 6 character password (62^6) but that is increased to 218 trillion combinations with an 8 character minimum (62^8) which would take longer to crack, without interference to the user.
In addition, we should also allow characters from other systems such as Chinese, Cyrillic, Arabic, and Emojis to add to the allowed complexity.
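A sketch of the client-side check described in this issue, added here as an illustration and not taken from the status-react codebase (which is ClojureScript; plain JavaScript is used for readability). The function names, the tiny denylist and the "at least 3 distinct characters" threshold are assumptions made for the example.

```javascript
// Added example, not project code. MIN_LENGTH comes from the issue text.
const MIN_LENGTH = 8;

// Constructed sample denylist; a real deployment would ship a much larger
// common-password list.
const COMMON_PASSWORDS = new Set([
  "password", "12345678", "qwertyui", "iloveyou", "00000000",
]);

// Split into Unicode code points after NFC normalization, so an emoji or a
// CJK character counts as one character. String.length would count UTF-16
// code units and report 2 for most emoji.
function toCodePoints(password) {
  return [...password.normalize("NFC")];
}

function codePointLength(password) {
  return toCodePoints(password).length;
}

// Number of possible passwords of `length` symbols over an alphabet of
// `alphabetSize` symbols. BigInt keeps the result exact.
function searchSpace(alphabetSize, length) {
  return BigInt(alphabetSize) ** BigInt(length);
}

function validatePassword(password) {
  const chars = toCodePoints(password);
  if (chars.length < MIN_LENGTH) {
    return { ok: false, reason: "too-short" };
  }
  // Assumed low-entropy heuristic: fewer than 3 distinct characters,
  // which rejects inputs such as "00000000" or "abababab".
  if (new Set(chars).size < 3) {
    return { ok: false, reason: "low-variety" };
  }
  if (COMMON_PASSWORDS.has(password.toLowerCase())) {
    return { ok: false, reason: "common-password" };
  }
  return { ok: true, reason: null };
}
```

The `searchSpace` helper reproduces the audit's figures: `searchSpace(62, 6)` is about 56 billion and `searchSpace(62, 8)` about 218 trillion.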