What does it take to create a strong password?

#authentication #discuss #meta #design

At Forem, you might have seen some recent updates to our sign-in flow.

We're working to make it empower communities to provide whichever authentication methods best serve their need — whether that is social authentication (Twitter, Google, Facebook, etc), and/or email and password. We've typically leaned towards encouraging people to sign up using social authentication because 1) that doesn't require storing passwords on our end and 2) we think that requiring social auth prevents spam and harassers from profligating on our platform. But it's not enough just to provide social oauth as an option: some communities and people want to sign up with a good ole email and password.

How do we build out email/password authentication while ensuring that we mitigate as much spam & harassment as possible? Ideally, we'd want to create and store their passwords with a password manager. But in the more common case where people don't want to use a password manager, how can we nudge them to create secure passwords? Here's where this idea comes in:

A contextual password helper

📹 Watch the video recording here

Questions:

What are your general feedback around the video you see?
We're thinking that 10 character minimum is ideal. What are your thoughts here?
Should requiring numbers, lowercase and uppercase characters, and symbols be part of our requirements?

Top comments (4)

Lee • Sep 1 '20

I like the idea of guard rails and maybe enforcing the length, sometimes I feel for non tech savy people, the numbers, digits, symbols can be a frustration. On another note how do you do those fabulous Forem mockups?

Meghan • Oct 2 '20

pleaseeeee don't have a minimum. or a max for that matter. don't get me wrong, definitely have the UI warnings to guide people into using better and longer passwords. but sometimes I *want* to use password as my password and forem or other software shouldn't be forcing people to be better about it.