Comment by throwawaylaptop

1 day ago

I tried '4famplan4' as my password just to try it, and it said password insufficiently complex so I backed out. :(

Thanks for trying. (It expects mixed-case, which I need to actually say in the messaging.)

The codebase started out as something I used entirely myself, so the aspects of the workflow that relate to new user onboarding (most important for actually getting customers) are the ones that are the weakest. So this part of the codebase is where I'm working now to clean it up, and it's probably also the roughest.

  • Why does it require mixed-case? It's for TODOs, not healthcare. If I want to use my insecure password to try out your service, please let me! It took extra code here for you to try to be secure, when it's now generally known that password requirements are security theatre at best and anti-security at worst.

    • Thank you for the feedback. A month ago, it didn't need any text in the password field at all. I may have overshot the mark a bit when I added validation.

      Longer term, I mainly want it to just use external auth (Google, etc.) and not use passwords at all.