<div dir="ltr">On Wed, Feb 18, 2015 at 9:29 PM, Justin Dolske <span dir="ltr"><<a href="mailto:dolske@mozilla.com" target="_blank">dolske@mozilla.com</a>></span> wrote:<br><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">(Bah, resending because GMail didn't reply-all...)<br><br><div>This is possible today, with HTML5 form validation:<br><br><input type=password pattern="hunter[0-9]{2}"><br><br></div><div>(Exact regex left as an exercise to the reader, and now you have two problems.)<br></div><div><br></div>We
can certainly suggest it as a best-practice, but I think the bigger
problem is that I'd only expect a tiny minority of sites to actually
adopt it.</div></blockquote><div><br></div><div>I agree with this.<br> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Just like it's relatively easy for sites to work well with
even basic password managers today, yet many don't bother. So we'd still
need to have UI to give the user control over what needs to be in the
generated password. (Although it's perhaps interesting to think about
being sloppy here -- it might be sufficient to suggest a good "base"
password, and let the user make use of their keyboard to adjust it as
needed.)<br><br>Also, a regex isn't really a good fit for password managers, because
it's basically impossible to map that back into generation requirements.
You essentially just have a pass/fail blackbox for validation. You
could instead invent some way to express requirements in a
machine-readable format, but the same problems around adoption apply.<br></div></blockquote><div><br></div><div>My theory of computation is a little rusty, but every regex can expressed as a DFA. I believe one could generate a random password via doing a random walk on the DFA? <br><br></div><div>It looks like there is a Perl implementation of some sort: <a href="http://search.cpan.org/dist/String-Random/lib/String/Random.pm">http://search.cpan.org/dist/String-Random/lib/String/Random.pm</a> :)<br><br></div><div>-chris<br><br></div><div><br><br> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"></div><div class="gmail_extra"><br><div class="gmail_quote"><span class="">On Wed, Feb 18, 2015 at 12:34 PM, Ryan Feeley <span dir="ltr"><<a href="mailto:rfeeley@mozilla.com" target="_blank">rfeeley@mozilla.com</a>></span> wrote:<br></span><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div><div class="h5"><div style="word-wrap:break-word"><div>Fellow unique characters,</div><div><br></div><div>One thing that can make password generators work better is if they can understand the password requirements of a site.</div><div><br></div><div>I came across these requirements today which had both me and my password manager choking:</div><div><a href="https://www.dropbox.com/s/7wn7xy1svrz82fq/password-requirements-voip-ms.png?dl=0" target="_blank">https://www.dropbox.com/s/7wn7xy1svrz82fq/password-requirements-voip-ms.png?dl=0</a></div><div><br></div><div>What if registration forms could link to a regex of their password requirements that password generators could read?</div><div><br></div><div>Something like this: <a href="http://regexlib.com/Search.aspx?k=password" target="_blank">http://regexlib.com/Search.aspx?k=password</a></div><div><br></div><div>The other variables I’ve seen include not using whole or parts of a previous password, or the username.</div><div><br></div><div>I’m not sure how to go about it, but this is a standard that would improve all password managers. Would this be something Mozilla would take on?</div><span><font color="#888888"><br><div>
<div><div>Ryan Feeley</div><div>UX, Cloud Services</div><div>Mozilla UX</div><div>IRC: rfeeley</div></div>
</div>
<br></font></span></div><br></div></div><span class="">_______________________________________________<br>
Passwords-dev mailing list<br>
<a href="mailto:Passwords-dev@mozilla.org" target="_blank">Passwords-dev@mozilla.org</a><br>
<a href="https://mail.mozilla.org/listinfo/passwords-dev" target="_blank">https://mail.mozilla.org/listinfo/passwords-dev</a><br>
<br></span></blockquote></div><br></div>
<br>_______________________________________________<br>
Passwords-dev mailing list<br>
<a href="mailto:Passwords-dev@mozilla.org">Passwords-dev@mozilla.org</a><br>
<a href="https://mail.mozilla.org/listinfo/passwords-dev" target="_blank">https://mail.mozilla.org/listinfo/passwords-dev</a><br>
<br></blockquote></div><br></div></div>