Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow Arbitrary Character Sets #280

Closed
jtdoepke opened this issue Sep 21, 2017 · 5 comments
Closed

Allow Arbitrary Character Sets #280

jtdoepke opened this issue Sep 21, 2017 · 5 comments
Labels
🎨 ux 🔒 security

Comments

@jtdoepke
Copy link

Some websites have dumb password rules. One particularly annoying practice is to only allow symbols from a very limited set such as % & _ ? # = -. It would be nice to be able to choose which characters go into passwords with more granularity to comply with these websites.
@panther2
Copy link
Contributor

panther2 commented Sep 21, 2017
edited

Indeed, in cases such as this (though not many), you need to completely deactivate the option %!@ .

On the other hand it would be hard to memorize which characters have been enabled/disabled on which site. So this idea is good for those using the LessPass database.

That would require an additional option, or - if possible - the option %!@ given as now, with all characters activated by default and the chance to deactivate the ones not allowed manually (either singularly or maybe in groups).

The challenge would be to keep the interface clearly arranged.

Just brainstorming... good point anyway!

@guillaumevincent
Copy link
Member

Hello,
This feature is linked with LessPass Database.
LessPass long term goal is to remove the need of LessPass Database.
So I see this feature as a step in the wrong direction.

We should encourage/force those sites to update their password policies with a hall of shame or something like that. By adding those features inside LessPass we put some effort on our side, instead of asking those sites to do the right job.

This option will be only interesting for sites which required a special char, but don't accept every special char. Mitigation:

  • don't use those sites (imagine the quality of their system)
  • send screenshot on social media
  • if you are forced to use those sites, just uncheck special char and append manually one common special char (!)

@panther2
Copy link
Contributor

panther2 commented Sep 21, 2017
edited

Good points, too, @guillaumevincent

@jtdoepke
Copy link
Author

  • don't use those sites (imagine the quality of their system)

Heh, very true. Unfortunately the most common offenders I've noticed are banks, government sites, etc.

@guillaumevincent
Copy link
Member

I close this one, for all the reasons described above.
If you use LessPass Database:

  • increase the counter for those sites to find a password without excluded special chars.
  • remove special char and add the same one every time

None of the sites agree on the minimal symbols set. So even if we add an option with a small list of symbols, it may not solve the problem.

@edouard-lopez edouard-lopez mentioned this issue Jan 27, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
🎨 ux 🔒 security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@jtdoepke @guillaumevincent @edouard-lopez @panther2