Hacker News new | past | comments | ask | show | jobs | submit login

question: would it be possible/smart to have a system where the entity that is authenticating you has a way to disclose to you the maximum password complexity that it can handle ? Something like a GeekCode string that you can feed to your password generator and come out with a the strongest password possibly handled by the system ?





Apple/OP actually maintains a list of crowdsourced password rules for websites https://github.com/apple/password-manager-resources/blob/mai...

reply


On one hand it’s terrible that they have to do this. On the other, in terms of attention to detail and user experience it’s great.

reply


Apple some years ago proposed a string format for password rules – to be used in password managers and also an HTML attribute for that:

  <input type="password" passwordrules="minlength: 8; maxlength: 12; required: lower; required: upper; required: digit; required: [-];">
It seems implemented in Safari and UIKit, but I can’t find any implementation documentation for other brothers. Sad.

https://developer.apple.com/password-rules/

https://developer.apple.com/documentation/security/customizi...

reply


I think we just moved to Passkeys for that.

reply


Yeah, actually, that would work fine. But the people who maintain the login pages don't update their complexity rules right half the time, so the geekcode would go out of date quickly, and you'd end up spitting out invalid passwords, and people would stop using it

reply




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: