I have come across a few sites where the generated passwords are not considered "strong enough" because they don't contain a special character. One such example is credit karma. I've attached a screenshot of the error thrown when I chose to generate the password with Chrome.
I've seen this a few times, now, where we always fail because of a lack of a special character.
Does it make sense to ensure that all generated passwords hit on the common set of requirements around the web, e.g.:
* min length
* at least one uppercase
* at least one lowercase
* at least one digit
* at least one symbol
I know we can't hit all use cases, though...
|
Deleted:
Screen Shot 2017-01-30 at 1.01.05 PM.png
40.5 KB
|
|
|
Screen Shot 2017-01-30 at 1.01.05 PM.png
40.5 KB
View
Download
|
|
Comment 1 by kolos@chromium.org
, Feb 2 2017