Comment by saulpw

2 days ago

Why does it require mixed-case? It's for TODOs, not healthcare. If I want to use my insecure password to try out your service, please let me! It took extra code here for you to try to be secure, when it's now generally known that password requirements are security theatre at best and anti-security at worst.

Thank you for the feedback. A month ago, it didn't need any text in the password field at all. I may have overshot the mark a bit when I added validation.

Longer term, I mainly want it to just use external auth (Google, etc.) and not use passwords at all.

  • > Longer term, I mainly want it to just use external auth (Google, etc.) and not use passwords at all.

    I usually avoid services that do this because I don't want any issues with my Google account (or any other service) to affect other services I use. Good luck trying to talk with someone at Google if some automated system flags and blocks your account.