I just had a very, very tough time registering on the Acquia site, which is using the Password Strength module for user registration, using randomly generated passwords.

I am using an application called "KeePassX" to generate and manage my passwords. I tend to use long random passwords, but anything I throw at it gets rejected. After 10 solid minutes of trying passwords I settled for an unsafe 7-character password which finally got through. This is quite contrary to the goal of having strong passwords.

Some examples:

  • ny329Uaz59 ;S4`]VyR7NHZpd,h.eRG-P!TM<6QeKd!7"TK4Kx^).?8@^t37_ZgF - rejected: "contains a series of digits".
  • u>C2BG5~M):F">L;/W!"*py-xA~Rj4;p7zjF3 K9m>6h-_YwJ-8P{u${ }wNKfTy - rejected: "has a keyboard sequence"
  • ;6Y-?~QupoN&X(j+-q3+,V>,7~f9Qmti}?y;GV#M 9Fp}s3_ceP9BzEN mW;-6/) - rejected: "contains dictionary words"
  • >y=nEW_g@;Nk~tr, NEVr"4&A)4-*#8Z(&"E[?Aa"T/Xswey@p#,#jm-,A`hY @n - rejected: "contains leet speak"
  • Enter-Freeze-Hesitation-Earth-Park-Represent-10 (from Correct Horse Battery Staple) - rejected: "contains dictionary words"
  • a9b8c7d - accepted!

I would suggest dropping all checks once the password passes a certain safe length; for example, all passwords over 16 characters can be considered safe.

Comments

pfrenssen

Status: Active » Closed (works as designed)

Never mind, the form wasn't validating due to another issue - I had a session cookie that was interfering with the form submission.