Uploaded image for project: 'Identity'
  1. Identity
  2. ID-210

Update Password Requirements Doc

XMLWordPrintable

    • Icon: Suggestion Suggestion
    • Resolution: Answered
    • None
    • None

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      The page Setting Password Requirements needs updates regarding:

      • The rules for each password strength.
      • Needs to add 'Very Strong' password strength too.

        1. password-help.png
          password-help.png
          18 kB

            [ID-210] Update Password Requirements Doc

            Jeremy Evans added a comment -

            Hi James,
            Appreciate the feedback. I'm not sure how to resolve the difficulties creating a Good password, we hoped the strength progress bar would allow users to experiment and find what constitutes Good. Unfortunately many users (especially those with non-technical backgrounds) intuitive idea of what a password should be, a single word with a letter and/or symbol after it, is not sufficiently strong that we could call it 'Good'.
            However your issues with Weak seem unexpected, Weak is designed to allow any password at all! Could you expand on what problems you had then?

            Jeremy Evans added a comment - Hi James, Appreciate the feedback. I'm not sure how to resolve the difficulties creating a Good password, we hoped the strength progress bar would allow users to experiment and find what constitutes Good. Unfortunately many users (especially those with non-technical backgrounds) intuitive idea of what a password should be, a single word with a letter and/or symbol after it, is not sufficiently strong that we could call it 'Good'. However your issues with Weak seem unexpected, Weak is designed to allow any password at all! Could you expand on what problems you had then?

            James Dellow added a comment -

            I don't have a solution, but this week we delivered some training for some users of Confluence Cloud who didn't have a background in information technology. Quite a few of them couldn't get past the password creation stage. The password policy was set to Good, so we lowered it to Weak. Even then some ran into problems.

            James Dellow added a comment - I don't have a solution, but this week we delivered some training for some users of Confluence Cloud who didn't have a background in information technology. Quite a few of them couldn't get past the password creation stage. The password policy was set to Good, so we lowered it to Weak. Even then some ran into problems.

            Helen Hung (Inactive) added a comment - - edited

            Hi hboyce, thanks for providing this feedback. As you are probably aware, our password strength complexity is based on a measure of entropy, and not a defined set of particular values for certain measures. For this reason, there's no clear cut ruling that we can prescribe to users to set a password of a particular strength level. Users will need to use a combination of characters, words, symbols, mixed case etc in order to come up with a Very Strong password.

            By 'give up', do you mean you have lowered the policy level to another value, and if so, which one?

            If it helps you, this blog post provides a more technical background to the entropy library we have used: https://blogs.dropbox.com/tech/2012/04/zxcvbn-realistic-password-strength-estimation/; and this is a useful password strength test that helps you break down your password based on the entropy library used: https://apps.cygnius.net/passtest/

            In the meantime, this is the current 'help' text we have with password creation. If you have any suggestions on how we could further make this text more helpful, given the above, that would be great to hear.

            Helen Hung (Inactive) added a comment - - edited Hi hboyce , thanks for providing this feedback. As you are probably aware, our password strength complexity is based on a measure of entropy, and not a defined set of particular values for certain measures. For this reason, there's no clear cut ruling that we can prescribe to users to set a password of a particular strength level. Users will need to use a combination of characters, words, symbols, mixed case etc in order to come up with a Very Strong password. By 'give up', do you mean you have lowered the policy level to another value, and if so, which one? If it helps you, this blog post provides a more technical background to the entropy library we have used: https://blogs.dropbox.com/tech/2012/04/zxcvbn-realistic-password-strength-estimation/ ; and this is a useful password strength test that helps you break down your password based on the entropy library used: https://apps.cygnius.net/passtest/ In the meantime, this is the current 'help' text we have with password creation. If you have any suggestions on how we could further make this text more helpful, given the above, that would be great to hear.

            Hilary Boyce added a comment -

            We can set a strength of Very Strong, but there is no indication either in the interface or the documentation as to what will satisfy this level. We have tried to use it but have had to give up as our staff are failing to create passwords that will meet it and we cannot tell them what will.

            Hilary Boyce added a comment - We can set a strength of Very Strong, but there is no indication either in the interface or the documentation as to what will satisfy this level. We have tried to use it but have had to give up as our staff are failing to create passwords that will meet it and we cannot tell them what will.

              Unassigned Unassigned
              ediel Elisa [Atlassian]
              Votes:
              1 Vote for this issue
              Watchers:
              7 Start watching this issue

                Created:
                Updated:
                Resolved: