Password strength controls #2261

@FlxMgdnz

We need a way for admins to configure the desired password strength, e.g. to enforce compliance policies.

The current best practice seems to be a combination of a password strength meter and blocking common and previously breached passwords:

It is important to provide clear user feedback, e.g. when blocking a password, so that users will know what is wrong with the password of their choice and what they can do to proceed.

For the UI, we need:

  • A password strength indicator, ideally providing real-time feedback to the user while typing a new password, e.g. a bar that fills up and changes color from red to green as soon as the configured minimal strength level is reached
  • Additionally, there needs to be text explaining what's wrong as long as the bar is red, e.g.
    • Password too short
    • Password is too simple
    • Password has been found in online breach data
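
A sketch of the check behind such an indicator, added here as an example and not taken from the project: one function evaluates a candidate password against an admin-configured policy and returns the bar state plus the three feedback messages listed above. The policy field names, the thresholds, the bit-estimate heuristic and the blocklist contents are all assumptions; a real deployment would use an established strength estimator and real common/breached password data.

```javascript
// Added example, not the project's code: field names, thresholds and the
// scoring heuristic are assumptions made for illustration.
const DEFAULT_POLICY = { minLength: 12, minBits: 60 }; // admin-configurable

// Constructed sample blocklist (stored lowercase); stands in for real
// common-password and breach data.
const SAMPLE_BLOCKLIST = new Set(["password123456", "qwertyuiop123"]);

// Rough strength estimate in bits: log2(character pool) per character,
// where repeats and ascending/descending runs count only a quarter.
function estimateBits(password) {
  let pool = 0;
  if (/[a-z]/.test(password)) pool += 26;
  if (/[A-Z]/.test(password)) pool += 26;
  if (/[0-9]/.test(password)) pool += 10;
  if (/[^a-zA-Z0-9]/.test(password)) pool += 33;
  if (pool === 0) return 0;
  let effective = 0;
  for (let i = 0; i < password.length; i++) {
    const step = i > 0 ? password.charCodeAt(i) - password.charCodeAt(i - 1) : null;
    effective += step !== null && Math.abs(step) <= 1 ? 0.25 : 1;
  }
  return effective * Math.log2(pool);
}

// Returns everything the UI needs: bar fill (0..1), bar color, and the
// reasons to show while the bar is red. Safe to call on every keystroke.
function evaluatePassword(password, policy = DEFAULT_POLICY, blocklist = SAMPLE_BLOCKLIST) {
  const bits = estimateBits(password);
  const messages = [];
  if (password.length < policy.minLength) messages.push("Password too short");
  if (bits < policy.minBits) messages.push("Password is too simple");
  if (blocklist.has(password.toLowerCase())) {
    messages.push("Password has been found in online breach data");
  }
  const ok = messages.length === 0;
  return {
    ok,
    bits,
    fill: Math.min(1, bits / policy.minBits),
    color: ok ? "green" : "red",
    messages,
  };
}
```

The same function has to run on the server when the password is submitted, since a client-side check alone can be bypassed.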
