nextcloud
"Password audit" needs more explanation
Feature request
User type: Logged-in
User level: Beginner
Description
The Passman "password audit" has a box labelled "Minimum password stength[sic*]". If you hover the box (which isn't great UI because, amongst other things, it won't work on touch devices) then it says something about not entering a value above 4, but doesn't explain what the value means.
While poking around the password strength widget for other reasons, I found the zxcvbn documentation which says:
0 # too guessable: risky password. (guesses < 10^3)
1 # very guessable: protection from throttled online attacks. (guesses < 10^6)
2 # somewhat guessable: protection from unthrottled online attacks. (guesses < 10^8)
3 # safely unguessable: moderate protection from offline slow-hash scenario. (guesses < 10^10)
4 # very unguessable: strong protection from offline slow-hash scenario. (guesses >= 10^10)
I'm guessing that the page is referring to these values!
Benefit / value
For the "audit" feature to be more useful then it would be good to have that explained on the page so that users know what value to enter and what it means!
Risk / caveats
None
Are you a developer willing to implement this feature?: yes - I could do, but it needs translation and decisions on how to display it in the UI
Can you sponsor the development of this feature or do you know someone who can?: no
* I just noticed the typo when I copied and pasted this and Firefox underlined it!
Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.
