Rule n° 198 - A mechanism raises the user's awareness regarding their password's level of security

A password must have a minimum level of complexity so that it cannot be easily guessed for malicious purposes. It is advisable to warn users if the password they have chosen is not complex enough. Some systems even inform the user of this live, while the password is being entered.

#Security #Development

Goal

  • Inform users of the level of security of their selected passwords and, therefore, the risk of being hacked.

Implementation

Entering the password leads to validation and a response indicating its degree of security, before final submission of the registration form or password change.

Control

In any registration or password change form:
  • Enter a password and ensure that this entry leads to validation and a response indicating its degree of security, before the final submission of the form.
This validation can be more or less strict: check the number of characters, the absence of the account identifier in the password, the type of characters present, etc.
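
The three checks listed above, sketched as client-side feedback that runs while the user types. This is an added example, not code published by Opquast; the 12-character threshold, the weak/medium/strong levels and the element ids `password`, `login` and `password-feedback` are assumptions.

```javascript
// Added example: threshold, level names and element ids are assumptions.
const MIN_LENGTH = 12; // assumed minimum; set to your own policy

function assessPassword(password, accountId) {
  const issues = [];
  // Check 1: number of characters.
  if (password.length < MIN_LENGTH) {
    issues.push(`Use at least ${MIN_LENGTH} characters.`);
  }
  // Check 2: the account identifier must not appear in the password.
  // For an e-mail identifier, the part before "@" is tested as well.
  const id = (accountId || '').toLowerCase();
  const idParts = [id, id.split('@')[0]].filter((p) => p.length >= 3);
  const lower = password.toLowerCase();
  const containsId = idParts.some((p) => lower.includes(p));
  if (containsId) {
    issues.push('Do not include your account identifier.');
  }
  // Check 3: types of characters present (lower, upper, digit, other).
  const classes = [/[a-z]/, /[A-Z]/, /[0-9]/, /[^A-Za-z0-9]/]
    .filter((re) => re.test(password)).length;
  if (classes < 3) {
    issues.push('Mix lowercase, uppercase, digits and symbols.');
  }
  // One failed check gives "medium"; two or more, or the identifier
  // inside the password, gives "weak".
  let level = 'strong';
  if (issues.length === 1) level = 'medium';
  if (containsId || issues.length >= 2) level = 'weak';
  return { level, issues };
}

// Browser wiring: respond on every keystroke, before the form is submitted.
// "password-feedback" is assumed to be an element with aria-live="polite".
if (typeof document !== 'undefined') {
  const pwd = document.getElementById('password');
  const login = document.getElementById('login');
  const out = document.getElementById('password-feedback');
  if (pwd && out) {
    pwd.addEventListener('input', () => {
      const id = login ? login.value : '';
      const { level, issues } = assessPassword(pwd.value, id);
      out.textContent = `Password strength: ${level}. ${issues.join(' ')}`;
    });
  }
}
```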

By Opquast - Read the license