What does it take to create a strong password?

Lisa Sy ・1 min read

At Forem, you might have seen some recent updates to our sign-in flow.

We're working to empower communities to provide whichever authentication methods best serve their needs — whether that is social authentication (Twitter, Google, Facebook, etc.), and/or email and password. We've typically leaned towards encouraging people to sign up using social authentication because 1) that doesn't require storing passwords on our end and 2) we think that requiring social auth prevents spam and harassers from proliferating on our platform. But it's not enough just to provide social OAuth as an option: some communities and people want to sign up with a good ole email and password.

How do we build out email/password authentication while ensuring that we mitigate as much spam & harassment as possible? Ideally, we'd want to create and store their passwords with a password manager. But in the more common case where people don't want to use a password manager, how can we nudge them to create secure passwords? Here's where this idea comes in:

A contextual password helper

📹 Watch the video recording here


Questions:

  • What is your general feedback on the video you see?
  • We're thinking that a 10-character minimum is ideal. What are your thoughts here?
  • Should requiring numbers, lowercase and uppercase characters, and symbols be part of our requirements?
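To make the last two questions concrete, here is an added example (not Forem's code) of a helper that enforces the 10-character minimum, reports character classes without enforcing them, and flags passwords built on a common word. The function names, the substitution table and the five-word list are assumptions made for this illustration.

```javascript
// Added example. MIN_LENGTH is the minimum proposed in the post; every other
// name and the word list are assumptions made for this illustration.
const MIN_LENGTH = 10;

// Constructed sample list. A real deployment would load a large list of
// commonly used or breached passwords instead.
const COMMON_BASE_WORDS = new Set(["password", "qwerty", "letmein", "welcome", "iloveyou"]);

const SUBSTITUTIONS = { "@": "a", "0": "o", "1": "i", "3": "e", "$": "s", "5": "s" };

// Reduce a password to the word it is built on: lowercase it, drop trailing
// digits and symbols, then undo common character substitutions.
function baseWord(password) {
  return password
    .toLowerCase()
    .replace(/[\d\W_]+$/, "")
    .replace(/[@0135$]/g, (c) => SUBSTITUTIONS[c]);
}

// Count which of the four classic character classes appear (0 to 4).
function characterClasses(password) {
  return [/[a-z]/, /[A-Z]/, /[0-9]/, /[^A-Za-z0-9]/]
    .filter((re) => re.test(password)).length;
}

// Return guidance for the sign-up form. Character classes are reported but
// deliberately not enforced, so the caller can compare both policies.
function checkPassword(password) {
  const feedback = [];
  if ([...password].length < MIN_LENGTH) {
    feedback.push(`Use at least ${MIN_LENGTH} characters.`);
  }
  if (COMMON_BASE_WORDS.has(baseWord(password))) {
    feedback.push("This is built on a very common password.");
  }
  return { ok: feedback.length === 0, classes: characterClasses(password), feedback };
}

// Constructed inputs: two that meet the length rule (one also uses all four
// classes) yet are easy to guess, and a passphrase a composition rule rejects.
for (const pw of ["password12", "P@ssw0rd12!", "plum river cactus tuesday"]) {
  console.log(pw, checkPassword(pw));
}
```

The second input satisfies both the length and a four-class composition rule but is still flagged, while the passphrase uses only two classes and passes.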

Discussion (4)

Lee

I like the idea of guard rails and maybe enforcing the length. Sometimes I feel that for non-tech-savvy people, the numbers, digits, symbols can be a frustration. On another note, how do you do those fabulous Forem mockups?

Meghan

pleaseeeee don't have a minimum. or a max for that matter. don't get me wrong, definitely have the UI warnings to guide people into using better and longer passwords. but sometimes I *want* to use password as my password and forem or other software shouldn't be forcing people to be better about it.

Meghan

making the minimum 10 is just gonna get those people to use password12 instead.

eric

Something like this:

Example1*[[^^]+

Would be good if you need a really strong password.
