Forem Creators and Builders 🌱

Lisa Sy

What does it take to create a strong password?

At Forem, you might have seen some recent updates to our sign-in flow.

We're working to empower communities to provide whichever authentication methods best serve their need — whether that is social authentication (Twitter, Google, Facebook, etc.) and/or email and password. We've typically leaned towards encouraging people to sign up using social authentication because 1) that doesn't require storing passwords on our end and 2) we think that requiring social auth prevents spam and harassers from proliferating on our platform. But it's not enough just to provide social OAuth as an option: some communities and people want to sign up with a good ole email and password.

How do we build out email/password authentication while ensuring that we mitigate as much spam & harassment as possible? Ideally, we'd want to create and store their passwords with a password manager. But in the more common case where people don't want to use a password manager, how can we nudge them to create secure passwords? Here's where this idea comes in:

A contextual password helper

📹 Watch the video recording here


Questions:

  • What is your general feedback on the video you see?
  • We're thinking that a 10-character minimum is ideal. What are your thoughts here?
  • Should requiring numbers, lowercase and uppercase characters, and symbols be part of our requirements?

Top comments (4)

Lee

I like the idea of guard rails and maybe enforcing the length. Sometimes I feel for non-tech-savvy people, the numbers, digits, symbols can be a frustration. On another note, how do you do those fabulous Forem mockups?

Meghan

pleaseeeee don't have a minimum. or a max for that matter. don't get me wrong, definitely have the UI warnings to guide people into using better and longer passwords. but sometimes I *want* to use password as my password and forem or other software shouldn't be forcing people to be better about it.

Meghan

making the minimum 10 is just gonna get those people to use password12 instead.

eric

Something like this:

Example1*[[^^]+

Would be good if you need a really strong password.
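
As an added example (not part of the original post or comments, and not Forem's code), here is a sketch of the checks a contextual password helper could run on the passwords quoted in this thread. The function names, the four-entry blocklist and the hint wording are assumptions made for illustration.

```javascript
// Added illustration; hypothetical helper, not Forem's implementation.
const MIN_LENGTH = 10; // the minimum proposed in the post

// Constructed sample blocklist (assumption). A real helper would load a
// much larger list of common or breached passwords.
const COMMON_BASES = new Set(["password", "qwerty", "letmein", "welcome"]);

// Which of the four character classes from the post's third question appear.
function characterClasses(pw) {
  return {
    lower: /[a-z]/.test(pw),
    upper: /[A-Z]/.test(pw),
    digit: /[0-9]/.test(pw),
    symbol: /[^A-Za-z0-9]/.test(pw),
  };
}

// Lowercase and strip trailing digits/symbols, so "Password12!" and
// "password12" both reduce to "password" before the blocklist lookup.
function commonBase(pw) {
  const base = pw.toLowerCase().replace(/[^a-z]+$/, "");
  return COMMON_BASES.has(base) ? base : null;
}

// Report each check separately so the UI can warn without hiding why.
function passwordHints(pw) {
  const classes = characterClasses(pw);
  const missingClasses = Object.keys(classes).filter((k) => !classes[k]);
  const base = commonBase(pw);
  const hints = [];
  if (pw.length < MIN_LENGTH) {
    hints.push(`Use at least ${MIN_LENGTH} characters (currently ${pw.length}).`);
  }
  if (base !== null) {
    hints.push(`"${base}" with characters added at the end is easy to guess.`);
  }
  return {
    meetsLength: pw.length >= MIN_LENGTH,
    meetsComposition: missingClasses.length === 0,
    missingClasses,
    commonBase: base,
    hints,
  };
}

// Passwords quoted in the comments, plus one variant constructed here.
for (const pw of ["password", "password12", "Password12!", "Example1*[[^^]+"]) {
  console.log(pw, JSON.stringify(passwordHints(pw)));
}
```

The constructed variant `Password12!` satisfies both the 10-character minimum and a four-class composition rule, yet it still reduces to a blocklisted base, so only the separate blocklist check flags it.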