Bug: Password policy is incompatible with Firefox password generator [May 27]

🙋‍♂️ hoh

The password policy requires "Atleast 8 letters with one Uppercase, one number and one special letter".

This causes useless friction for users of password generators such as Firefox, that do not include special characters in the password.

🙋‍♂️ o1lab

Does the policy of firefox same as Chrome & Safari ?

🙋‍♂️ hoh

Someone else may be able to help you with info on Chrome or Safari.

The issue here is simply that requiring special characters in the password is not a sign that it is more secure (many people always add the same simple symbol at the end).

🙋‍♂️ Vadorequest

@o1lab FYI passwords shouldn't "have to contain characters". It's not a good recommendation as of 2021. If you want to ensure strong password, you should only consider the size and not the content. A 8-chars passwords can be cracked very easily, special chars or not.

My recommendation would be to increase the min length to 12-15 chars (I recommend 15 chars minimum) and not check for presence of min/maj/special chars.