
signup fails

Open tomquas opened this issue 2 years ago • 7 comments

Bug description

Screen Shot 2022-10-03 at 10 05 47

http://localhost:3301/signup

According to the screenshot, password policies are a) a pain b) useless if not implemented correctly c) not worth a dime - as many studies and reports found out before. Why not drop them?

Expected behavior

I can sign up / log in.

How to reproduce

  1. $ cd deploy/docker/clickhouse-setup
  2. $ docker compose up
  3. $ open http://localhost:3301/signup
  4. see screenshot

Version information

  • Signoz version: 0.11.1 (docker > create
  • Browser version: chrome 10x.y

tomquas avatar Oct 03 '22 08:10 tomquas

Thanks for opening this issue. A team member should give feedback soon. In the meantime, feel free to check out the contributing guidelines.

welcome[bot] avatar Oct 03 '22 08:10 welcome[bot]

submit a PR to change it

LasseRafn avatar Oct 04 '22 08:10 LasseRafn

@palashgdev can you check what's the issue here?

pranay01 avatar Oct 05 '22 17:10 pranay01

Thanks for reporting the issue. This is not expected. Is there a particular type of password you see this repeating on? Cause this works well for some passwords I tried, @tomquas

pranay01 avatar Oct 05 '22 17:10 pranay01

It is due to the regex failing at https://github.com/SigNoz/signoz/blob/develop/frontend/src/pages/SignUp/utils.ts#L10

we can add :

palashgdev avatar Oct 06 '22 06:10 palashgdev

Awesome project, but you really need to get rid of these arbitrary password requirements that were enforced and thought to be secure (which are not, by today's standards) by some random IT security guy in the 1980s. Please just enforce a length constraint and be done with it. Otherwise you'll keep adding more gibberish to your regex.

For instance, I wanted to sign up on my local copy, but it did not accept a couple of my passwords, which I use to access sites with arbitrary password requirements. These included a "(" and a '/' and a ";" that are not accepted.

Further reading and Mandatory xkcd comic

yamac-kurtulus avatar Oct 07 '22 13:10 yamac-kurtulus

Hey @pranay01, would love to take a stab at this. So what are we going with - adding : to the regex or removing the special character constraint?

lakshya-dhariwal avatar Oct 16 '22 18:10 lakshya-dhariwal

Hey, I would like to pick this up if no one else is working on it. I would simplify the check to just look for 8 characters, as those other constraints do not significantly improve security but negatively impact user experience and are generally considered outdated. Feel free to assign me.

mariuskimmina avatar Dec 22 '22 19:12 mariuskimmina
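
The failure mode discussed in this thread, as an added example that is not part of any comment here and is not SigNoz's code: a composition-rule regex with a fixed special-character allowlist rejects any password containing a character outside that list, while a length-only check does not. The regex, the allowlist and the sample passwords are constructed for illustration; the actual pattern in `utils.ts` is not shown on this page.

```typescript
// Added example: constructed policy, NOT the pattern from SigNoz's utils.ts.
// Composition rules with a fixed special-character allowlist (assumption).
const ALLOWED_CHAR = /[A-Za-z\d!@#$%^&*]/;
const LEGACY_PATTERN =
  /^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[!@#$%^&*])[A-Za-z\d!@#$%^&*]{8,}$/;

const MIN_LENGTH = 8; // the length-only policy proposed in the thread

// True only when every composition rule holds AND no character falls
// outside the allowlist (the anchored character class enforces the latter).
function legacyAccepts(password: string): boolean {
  return LEGACY_PATTERN.test(password);
}

// Unique characters that make the anchored class fail, in order of appearance.
function rejectedCharacters(password: string): string[] {
  return password
    .split("")
    .filter((ch, i, all) => !ALLOWED_CHAR.test(ch) && all.indexOf(ch) === i);
}

// Length-only check; counts UTF-16 code units, like String.prototype.length.
function lengthOnlyAccepts(password: string): boolean {
  return password.length >= MIN_LENGTH;
}

interface Verdict {
  password: string;
  legacy: boolean;
  lengthOnly: boolean;
  rejected: string[];
}

// Run both policies over the same inputs so the differences are visible.
function compare(passwords: string[]): Verdict[] {
  return passwords.map((password) => ({
    password,
    legacy: legacyAccepts(password),
    lengthOnly: lengthOnlyAccepts(password),
    rejected: rejectedCharacters(password),
  }));
}

// Constructed sample inputs (not real credentials).
const SAMPLES = ["Tr0ub4dor(3/x;", "short:1A", "correct horse battery staple", "Passw0rd!", "Ab1!"];
for (const verdict of compare(SAMPLES)) {
  console.log(JSON.stringify(verdict));
}
```
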

@mariuskimmina Sure, please just reduce check to 8 chars. Assigned it to you

Feel free to join our Slack community as well if you need any help

pranay01 avatar Dec 23 '22 05:12 pranay01