Password rules in the Cardano wallet. Why?


#1

So I just went to make a wallet in the Cardano software, and when I selected to enter a password, I was prompted with: “Note that password needs to be at least 7 characters long, and have at least 1 uppercase, 1 lowercase letter and 1 number.”

Seriously?

I would have thought that a team with such credentials would realize that password security has everything to do with length of the password and nothing to do with the character types. I know this is something really basic but it feels somewhat amateurish. Any chance in the future this will be amended?


#2

I thought exactly the same, maybe it was some off the shelf plug in ?


#3

Good point, this is maybe a sharp edge that was left behind.
As well as another ux issues, like the not show a assertive message on what the wallet is doing or trying to do. Or on application low level execution information. Or error and fail recovery.
Meh, there is a lot to enhance indeed.


#4

So your point is that asking for this criteria’s wouldn’t prevent dictionary guessable passwords like “freeman” “12345678” “qwerty” or “Amelie” ?


#5

Have you open a github issue or submit a pull?


#6

Never done either of those things. Can you explain how?


#7

Maybe they just didn’t want to confuse between password and passphrase


#8

The 7 characters long, 1 upper, 1 lower and 1 number is just a MINIMUM requirement. Users can make them as complex as the wish to some extent. Maybe the MAXIMUM level of complexity should be published.


#9

Regarding maximum complexity: is there a known upper bound on the number of characters?


#10

Good question. I do not know what they are.