So I just went to make a wallet in the Cardano software, and when I selected to enter a password, I was prompted with: “Note that password needs to be at least 7 characters long, and have at least 1 uppercase, 1 lowercase letter and 1 number.”
I would have thought that a team with such credentials would realize that password security has everything to do with length of the password and nothing to do with the character types. I know this is something really basic but it feels somewhat amateurish. Any chance in the future this will be amended?
I thought exactly the same, maybe it was some off the shelf plug in ?
Good point, this is maybe a sharp edge that was left behind.
As well as another ux issues, like the not show a assertive message on what the wallet is doing or trying to do. Or on application low level execution information. Or error and fail recovery.
Meh, there is a lot to enhance indeed.
So your point is that asking for this criteria’s wouldn’t prevent dictionary guessable passwords like “freeman” “12345678” “qwerty” or “Amelie” ?
Have you open a github issue or submit a pull?
Never done either of those things. Can you explain how?
Maybe they just didn’t want to confuse between password and passphrase
The 7 characters long, 1 upper, 1 lower and 1 number is just a MINIMUM requirement. Users can make them as complex as the wish to some extent. Maybe the MAXIMUM level of complexity should be published.
Regarding maximum complexity: is there a known upper bound on the number of characters?
Good question. I do not know what they are.