<div dir="ltr">(Bah, resending because GMail didn't reply-all...)<br><br><div>This is possible today, with HTML5 form validation:<br><br><input type=password pattern="hunter[0-9]{2}"><br><br></div><div>(Exact regex left as an exercise to the reader, and now you have two problems.)<br></div><div><br></div>We
can certainly suggest it as a best-practice, but I think the bigger
problem is that I'd only expect a tiny minority of sites to actually
adopt it. Just like it's relatively easy for sites to work well with
even basic password managers today, yet many don't bother. So we'd still
need to have UI to give the user control over what needs to be in the
generated password. (Although it's perhaps interesting to think about
being sloppy here -- it might be sufficient to suggest a good "base"
password, and let the user make use of their keyboard to adjust it as
needed.)<br><br>Also, a regex isn't really a good fit for password managers, because
it's basically impossible to map that back into generation requirements.
You essentially just have a pass/fail blackbox for validation. You
could instead invent some way to express requirements in a
machine-readable format, but the same problems around adoption apply.<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Feb 18, 2015 at 12:34 PM, Ryan Feeley <span dir="ltr"><<a href="mailto:rfeeley@mozilla.com" target="_blank">rfeeley@mozilla.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word"><div>Fellow unique characters,</div><div><br></div><div>One thing that can make password generators work better is if they can understand the password requirements of a site.</div><div><br></div><div>I came across these requirements today which had both me and my password manager choking:</div><div><a href="https://www.dropbox.com/s/7wn7xy1svrz82fq/password-requirements-voip-ms.png?dl=0" target="_blank">https://www.dropbox.com/s/7wn7xy1svrz82fq/password-requirements-voip-ms.png?dl=0</a></div><div><br></div><div>What if registration forms could link to a regex of their password requirements that password generators could read?</div><div><br></div><div>Something like this: <a href="http://regexlib.com/Search.aspx?k=password" target="_blank">http://regexlib.com/Search.aspx?k=password</a></div><div><br></div><div>The other variables I’ve seen include not using whole or parts of a previous password, or the username.</div><div><br></div><div>I’m not sure how to go about it, but this is a standard that would improve all password managers. Would this be something Mozilla would take on?</div><span class="HOEnZb"><font color="#888888"><br><div>
<div><div>Ryan Feeley</div><div>UX, Cloud Services</div><div>Mozilla UX</div><div>IRC: rfeeley</div></div>
</div>
<br></font></span></div><br>_______________________________________________<br>
Passwords-dev mailing list<br>
<a href="mailto:Passwords-dev@mozilla.org">Passwords-dev@mozilla.org</a><br>
<a href="https://mail.mozilla.org/listinfo/passwords-dev" target="_blank">https://mail.mozilla.org/listinfo/passwords-dev</a><br>
<br></blockquote></div><br></div>