Closed Bug 959794 Opened 11 years ago Closed 11 years ago

Validate password length

Categories

(Firefox for Android Graveyard :: Android Sync, defect)

Product:
Firefox for Android Graveyard
Component:
Android Sync
Platform:
All
Android
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(firefox29 verified)

Status:
VERIFIED FIXED
Tracking Flags:
Tracking Status
firefox29 --- verified

People

(Reporter: pdehaan, Unassigned)

References

Details

(Whiteboard: [qa+])

Attachments

(1 file)

Screenshot_2014-01-14-13-06-10.png
(deleted), image/png
Details
Attached image Screenshot_2014-01-14-13-06-10.png (deleted) — 
Steps to reproduce:
1. Download and install http://ftp.mozilla.org/pub/mozilla.org/firefox/try-builds/nalexander@mozilla.com-60c48d4ed251/try-android/
2. Goto (Android) Settings > Accounts > Add account > Firefox Account
3. Enter a valid email address format (peter@foo.com)
4. Enter a short password "ab".
5. Click the Create Account button.


Actual results:
Account is seemingly created with an invalid password length.


Expected results:
We should validate password length locally before sending to server and display a solid error message.
Chris, is there a defined minimum password length for FxA?
Flags: needinfo?(ckarlof)
OS: Mac OS X → Android
Hardware: x86 → All
Summary: must validate minimum password length → Validate password length
8 character minimum. No additional restrictions.
Flags: needinfo?(ckarlof)
Should be fixed by Bug 951304.  QA verification appreciated.

On create, the button should be disabled until the password is >= 8 characters long.  When signing in, the button should be disabled until the password is >= 1 character long.  This choice was made because the mocks I have don't show text about password length on sign in, and it's very strange to not have the button enabled immediately.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Flags: in-moztrap?(fennec)
Keywords: verifyme
QA Contact: aaron.train
I thought we also had a 64 char max limit?
"No additional restrictions." -- does that mean no max length?
Flags: needinfo?(ckarlof)
Status: RESOLVED → VERIFIED
status-firefox29: --- → verified
Keywords: verifyme
(In reply to Richard Newman [:rnewman] from comment #6)
> "No additional restrictions." -- does that mean no max length?

We could consider doing that, but we send over a fixed length hash of the password to the FxA auth server, so there aren't DOS issues related to long passwords.

I don't see much upside in a max password length restriction at this point, other than preventing the user from creating a bad UX for themselves by choosing a 1000 char password.
Flags: needinfo?(ckarlof)
Product: Android Background Services → Firefox for Android
Product: Firefox for Android → Firefox for Android Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: