Skip to content

Follow up -- Set a weak password threshold for "forbidden substrings" MR

@jprovaznik !105755 (comment 1193867151)

A potential downside is that if I just include "ProvaznikProvaznikProvaznik...." in the password, then it's skipped even if it's weak. On the other side I would say this is an extreme edge case (there is no point in trying to generate sp long password which is weak at the same time).

As you suggest in alternatives checking "weak substring" length vs overall length, might be more sophisticated approach, but I agree it's not necessary.

@jessieay !105755 (comment 1193751622)

Suggestion (non-blocking) it might be helpful in this comment to mention that this number was chosen somewhat arbitrarily, the key factor being that User.random_passowrd is longer than 64 chars

Raising this follow up issue since we needed to get !105755 (merged) merged in ASAP, so had to leave the comment above unaddressed in the first iteration.

Relates to #384336 (closed)

Edited by Jennifer Li