passwords icon indicating copy to clipboard operation
passwords copied to clipboard

Published 20 hours ago verified publisher icon marius-wieschollek

Frequently Unsupported Special Character in Generated Passwords

Open JDDellGuy opened this issue 2 years ago • 3 comments

Current Status The password generator seems to consistently include the € character when special characters are enabled for password generating. My observation is that a number of applications and websites do not accept this character in passwords. It also does not feel truly random that this character is included in nearly ALL generated passwords that had the "Special Characters" box selected.

Feature Description It would be sufficient if the selection of special characters was truly random. This would make it less likely for the € character to be included in the password and if it was, then the generator could just be refreshed to try generating a password without it. It may be worth considering to have the generator only use special characters that are most commonly accepted. A third box for "extended special characters" could be offered perhaps, if a user desired to generate passwords with an opportunity for including this and potentially other additional "strange" special characters.

Additional context Screenshot_20221110_043519

JDDellGuy avatar Nov 10 '22 22:11 JDDellGuy

A very large number of websites doesn't allow these "extended" special characters. The big issue here is that some websites seem to allow these characters, but the validation process just fail to work, and the password with extended special character doesn't work once we try to login. I know this is mostly a website issue, but this feature as described by @JDDellGuy would be much appreciated, specially in this case.

Otherwise, there is a workaround to this : manually edit RandomCharactersHelper.php/SpecialCharacterHelper.php to fit your needs (i.e. remove € character).

@marius-wieschollek any news on this ?

Luth1ng avatar Feb 13 '23 04:02 Luth1ng

Even Google doesn't support these characters. @marius-wieschollek is there any chance you worked on this ?

Workaround :

ncpasswordsdir="/var/www/nextcloud/apps/passwords"

sed -i -E "/( ){12}('e'|'E')( => '€'),/d" $ncpasswordsdir/lib/Helper/Words/SpecialCharacterHelper.php
sed -i -E "s/(const CHARACTERS_[A-Z]{2}  = ')[^']+';/\1';/g; s/(const SPECIAL\s+= '[^']*)€([^']*)'/\1\2'/g" $ncpasswordsdir/lib/Helper/Words/RandomCharactersHelper.php

Luth1ng avatar Jun 16 '23 11:06 Luth1ng

I requested something similar almost six years ago in #97, never got a good answer. @Luth1ng, could you submit your changes as a pull request? The other non-ASCII characters that frequently show up in passwords are äöüÄÖÜß. I recently helped someone change their passwords for about 30 services and at least a third of them complained about generated passwords containing these characters.

dfyx avatar May 20 '24 19:05 dfyx