
How About Telling Users The Password Policy Before They Get It Wrong?


#1

When resetting a password, the required format is not communicated to the user until they make an incorrect entry: ‘The given password does not match the configured password policy:
Minimum of 8 characters, must contain at least one lower & upper case character and a number.’

How about telling the user about the policy on the initial password reset screen, allowing them to create a password that matches the policy from the outset?


#2

Thanks for your feedback! We will make sure to look into this and I agree that it makes sense to show this beforehand.

Cheers,
Tobias