websiterepairguy
My feedback
2 results found
-
5 votes
An error occurred while saving the comment -
63 votes
An error occurred while saving the comment If you are going to object to a password, be more specific about the objection. Merely saying it is "weak" is not much of a hint. Also, the rules for a "weak" 7 character password should be different than those for a 14 character password. How about rules that are different for 8 characters vs. 16 vs. 24, etc? You could alter the algorithm such that the entropy of the character set decreases each time you misuse a character. Thus a password that uses the word "password" could be penalized by eliminating all the characters used in the word "password". Thus the character set decreases by 7 unique characters. Eliminating a 'p', 's', 'w', 'o', 'r' and 'd' from the character set is a better reflection of entropy than eliminating long, long passwords altogether. A better way to identify a weak password is not by penalizing individual violations, but by penalizing violations of the characters themselves.
I have 131 passwords that are considered "weak." The reason? For years I worked on other people's websites and these same people shared their passwords with me. Changing a client's password was not an option. Could we please have an option for identifying why a password is weak? Just seeing the word "weak" is not very helpful. How about the ability to search on the domain followed by a detailed explanation of the weakness of the password? If this feature exists, I've not found it. Specifically when I look at the list of 131 weak passwords, I have no way to access the lower part of the list that disappears into the bottom of my screen. A simple search feature that allowed me to find a specific domain with a weak password would be helpful.