Password tester?

[Mephistox]

how about a password strength tester and redoing the profile so that it is like IPB's?

first, the password tester: IPB (and certain phpbb-based CMSs, especially nuke-evolution) have a password-strength tester. Depending on what you put in, the ajax tester will display the strength of it.
It serves no "real" purpose, but it looks nice and helps new people figure out how to make strong passwords.

second, the profile: I'm not sure if anyone's mentioned it, but a more detailed profile would be nice (though not to the extent of the PCP - IMO that's too much).
Look at IPB for inspiration.


Another idea, how about having a "users who visited today" area.



Anyway, this is all just stuff from IPB that I really like.

[DigitalShadow]

i don't think that anyone would want to have phpBB like IPB, even the idea of that password tester is nice. but i doubt that anyone would make much use of it even if it showed that your password is insecure.

well, as far as i knwo you can add details to the profile through the acp. so no need for the devs to change anything. more detail is up to you.

[Lastof]

I hate password testers. They are unhelpful, and as far as I can tell, the most use that ever do is scare users, rather than get them to change their passwords.

Oh, and if someone could tell me how in the name of all things good hotmail thought that my 12 character password, containing upper and lower cases, as well as numbers, was only moderate security. What does it expect me to do, memorise somthing 128 characters long, and change it every time I log in?

[Mephistox]

I hate password testers. They are unhelpful, and as far as I can tell, the most use that ever do is scare users, rather than get them to change their passwords.

Oh, and if someone could tell me how in the name of all things good hotmail thought that my 12 character password, containing upper and lower cases, as well as numbers, was only moderate security. What does it expect me to do, memorise somthing 128 characters long, and change it every time I log in?

Not really.
It would just grade your password based on length (though not THAT long... 8 char should be sufficient) and variety of characters used (Capitals and lowercase, numbers and symbols).

You're probably right, it wouldn't help that much... but it could never hurt, you know?

[Martin Blank]

You can already set password requirements in Olympus, including minimum length and requiring certain complexities (none, mixed case, alphanumerics, and symbols, IIRC).

[Eelke]

That's different than allowing the password, but saying to the user, hey, your password could be more secure. FWIW, I think the argument about "scaring" away users is more applicable to hard requirements (i.e. no registration if your password does not respect them) than to a suggestive approach.

[DigitalShadow]

maybe it won't scare them away but it would probably annoy a lot of them. Most users know that their passwords are not the securest ones. you don't need to tell them that. even if you do, only a small amout of them would change their password.

[Eelke]

I wasn't arguing in favor of a password tester, I was just saying that if there are arguments against a password tester, they would probably apply at least as strongly to enforcing password requirements.

[Cheater512]

I'm for a password tester as long as it can be turned off.
It would be just like the visual confirmation.

It also has to be accurate. I've seen ones where my high security 16 character alpha-numeric password is 'medium security' and a shorter password with letters and symbols in it is also 'medium security'.

[DigitalShadow]

nah, would rather say that passwords should be autogenerated and emailed to the new member and only the admin would be able to change passwords if needed, while members not being able to change them. as i said earlier, what is the use of an password tester if members ignore the result of the test because they are to "lazy" or not willing to memorise an hard to remember "secure" password.