lvxferre | 3 years ago
I tried to register with a weak password (on purpose) to check security. It works; four tries and three different errors (capital letters required, special characters required, min length required). However, I feel like a user hitting this issue accidentally would've given up after the third try. Perhaps it could be worth checking for multiple errors at once and outputting them all to the user; e.g. "The password must mix case, and contain special characters, and have a minimum length of 8". Just an idea/feedback, mind you.
account42 | 3 years ago
This one is super annoying. A long password without special characters is not any less secure than a short password with one special character added because it was required.
Better than arbitrary requirements like this would be to estimate the entropy and then just prevent low-entropy passwords (or only tell the user - not everyone needs the same level of security for everything).
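Putting the two suggestions in this thread side by side, as an added example that is not part of the original thread or of the project being discussed: a validator that checks every composition rule and reports all failures in a single message (the first comment's point), next to a crude entropy estimate that can either gate or merely advise (the second comment's point). The rule set, the thresholds, and the alphabet-size model are assumptions made for the demonstration.

```python
import math
import string

# Assumed policy values for the demonstration.
MIN_LENGTH = 8
MIN_ENTROPY_BITS = 40.0


def rule_violations(password: str) -> list[str]:
    """Check every composition rule and return *all* failed rules at once,
    instead of stopping at the first one the way the thread describes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"have a minimum length of {MIN_LENGTH}")
    has_lower = any(c.islower() for c in password)
    has_upper = any(c.isupper() for c in password)
    if not (has_lower and has_upper):
        problems.append("mix upper- and lower-case letters")
    if not any(c in string.punctuation for c in password):
        problems.append("contain a special character")
    return problems


def combined_message(problems: list[str]) -> str:
    """Fold all violations into one sentence for the user."""
    if not problems:
        return "The password is acceptable."
    return "The password must " + ", and ".join(problems) + "."


def estimate_entropy_bits(password: str) -> float:
    """Crude entropy estimate: length * log2(size of the character pool the
    password draws from). The pool sizes are an assumption; this model treats
    every character as uniformly random, so dictionary words are over-rated."""
    pool = 0
    if any(c in string.ascii_lowercase for c in password):
        pool += 26
    if any(c in string.ascii_uppercase for c in password):
        pool += 26
    if any(c in string.digits for c in password):
        pool += 10
    if any(c in string.punctuation for c in password):
        pool += len(string.punctuation)  # 32 printable ASCII symbols
    ascii_classes = string.ascii_letters + string.digits + string.punctuation
    if any(c not in ascii_classes for c in password):
        pool += 100  # assumed pool size for anything else (non-ASCII etc.)
    if pool == 0:
        return 0.0
    return len(password) * math.log2(pool)


def entropy_verdict(password: str, min_bits: float = MIN_ENTROPY_BITS,
                    advisory: bool = False) -> tuple[bool, str]:
    """Entropy-based check as the second comment proposes. With advisory=True
    the password is accepted but the user is told the estimate anyway."""
    bits = estimate_entropy_bits(password)
    if bits >= min_bits:
        return True, f"Estimated strength: {bits:.0f} bits."
    message = (f"Estimated strength is only {bits:.0f} bits "
               f"(policy wants {min_bits:.0f}); consider a longer password.")
    return advisory, message


if __name__ == "__main__":
    for candidate in ("abc", "P@ss1", "correcthorsebatterystaple", "Tr0ub4dor&3"):
        print(repr(candidate))
        print("  rules  :", combined_message(rule_violations(candidate)))
        print("  entropy:", entropy_verdict(candidate)[1])
```

Two things the example makes visible: the long all-lowercase passphrase fails two composition rules yet scores far more estimated bits than the short symbol-laden one, which is exactly the mismatch the second comment objects to; and the log2 model is only a first filter, since it cannot tell a passphrase of common words from random characters, so a real deployment would pair it with a breached-password list or a pattern-aware estimator such as zxcvbn.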