View Issue Details

ID: 5252
Project: Composr
Category: core_form_interfaces
View Status: public
Last Update: 2023-02-09 22:01
Reporter: PDStig
Assigned To: Guest
Priority: normal
Severity: feature
Status: new
Resolution: open
Summary: 5252: Password fields: Have button allowing to auto-generate a password
Description: For password fields, incorporate a button that allows the automatic generation of a password (displayed probably in a JavaScript message with a text field for easy copying).

This should be easy to do now that we have crypt.php's get_secure_random_password() which also ensures (if strength is passed as null) the generated password meets the site's password requirements on length and strength.

I think this would be a very helpful tool especially on sites that use a higher strength requirement to help alleviate the inconvenience of users choosing their own compliant passwords.
Tags: Type: Security
Time estimation (hours): 2.5
Sponsorship: open


Activities

Chris Graham

2023-02-09 18:39

administrator   ~7893

I'm skeptical about this: shouldn't this just be a browser feature? I use Bitwarden which can do this and I do it regularly. Seems weird for each website to implement its own password generator when the sites have no way of telling the browser/password-manager to save it.

PDStig

2023-02-09 21:26

administrator   ~7896

Last edited: 2023-02-09 21:35

I see your point. The idea was that the password generator would guarantee the generated password meets the configured minimum requirements for length and strength on the site, especially since our strength calculator uses a custom algorithm. This is not something that can easily be done on the password manager since we check for more than just length and use of specific character groups (we also check for dictionary words, repeating characters, use of usernames/emails/dob in the password, etc).

Most password managers that I am aware of will prompt / allow you to save credentials upon login and sometimes even upon saving a new password.
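
A generate-then-verify loop of the kind this note describes, as an added example (not Composr's code and not part of the original thread): candidates are drawn from a CSPRNG and only returned once they pass the same checker the form would apply. The policy rules, function names and sample data are assumptions for illustration; Composr's custom strength algorithm and `get_secure_random_password()` are not reproduced here.

```javascript
// Added example: hypothetical policy rules, not Composr's strength algorithm.
const rng = globalThis.crypto ?? require('node:crypto').webcrypto;

// Constructed alphabet; look-alike characters (l, I, O, 0, 1) are left out.
const ALPHABET = 'abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789!#$%*+-=?@';

// Uniform index in [0, n) for n <= 256, using rejection sampling to avoid modulo bias.
function randomIndex(n) {
  const limit = 256 - (256 % n);
  const buf = new Uint8Array(1);
  do { rng.getRandomValues(buf); } while (buf[0] >= limit);
  return buf[0] % n;
}

// Returns the list of policy violations; an empty list means the password is acceptable.
function policyViolations(password, policy, user) {
  const problems = [];
  const lower = password.toLowerCase();
  if (password.length < policy.minLength) problems.push('too_short');
  const classes = [/[a-z]/, /[A-Z]/, /[0-9]/, /[^a-zA-Z0-9]/].filter((re) => re.test(password)).length;
  if (classes < policy.minClasses) problems.push('too_few_classes');
  if (/(.)\1\1/.test(password)) problems.push('repeated_chars');
  const personal = [user.username, user.email.split('@')[0], user.dob.replace(/\D/g, '')];
  if (personal.some((p) => p.length >= 3 && lower.includes(p.toLowerCase()))) problems.push('personal_data');
  if (policy.dictionary.some((w) => lower.includes(w))) problems.push('dictionary_word');
  return problems;
}

// Generate candidates until one passes the checker, with a bound so a bad policy cannot loop forever.
function generateCompliantPassword(policy, user, maxAttempts = 100) {
  for (let attempt = 0; attempt < maxAttempts; attempt++) {
    let candidate = '';
    for (let i = 0; i < policy.length; i++) candidate += ALPHABET[randomIndex(ALPHABET.length)];
    if (policyViolations(candidate, policy, user).length === 0) return candidate;
  }
  throw new Error('no compliant password found; policy may be unsatisfiable');
}

// Constructed sample policy and user record.
const SAMPLE_POLICY = { minLength: 12, length: 16, minClasses: 3, dictionary: ['password', 'letmein', 'qwerty'] };
const SAMPLE_USER = { username: 'jsmith', email: 'jane.smith@example.com', dob: '1990-04-12' };
```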

Chris Graham

2023-02-09 22:01

administrator   ~7897

That makes sense.


Issue History

Date Modified Username Field Change
2023-01-21 18:43 PDStig New Issue
2023-02-09 18:39 Chris Graham Note Added: 0007893
2023-02-09 18:40 Chris Graham Time estimation (hours) 1 => 2.5
2023-02-09 21:26 PDStig Note Added: 0007896
2023-02-09 21:27 PDStig Note Edited: 0007896
2023-02-09 21:35 PDStig Note Edited: 0007896
2023-02-09 22:01 Chris Graham Tag Attached: Type: Security
2023-02-09 22:01 Chris Graham Note Added: 0007897