You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We handle site-specific words (e.g., "pittsburgh" in the demo) by removing them from the password before further scoring the password.
Subsequent heuristics can thus be operating on an empty password, resulting in strange feedback. (Note: to reproduce the example below, set "active: false," in the "forbidPasswords" part of the composition policy in /example/index.html)
The text was updated successfully, but these errors were encountered:
The cause is that we effectively give "zero credit" for site-specific words by removing them from the password before further evaluating it... which is why steelers22 has length 2 as far as the other parts are concerned
It's an interesting problem, and I have no pretty idea of how to solve it short of building a site specific NN. ("pretty" and "tenable" are not always the same.)
I wonder what would happen if you replaced site specific words with a string that yields close to zero credit, such as "password" or "123". This isn't a very principled way to deal with the problem, but it at the cost of some accuracy, it might have less perverse side-effects.
We handle site-specific words (e.g., "pittsburgh" in the demo) by removing them from the password before further scoring the password.
Subsequent heuristics can thus be operating on an empty password, resulting in strange feedback. (Note: to reproduce the example below, set "active: false," in the "forbidPasswords" part of the composition policy in /example/index.html)
The text was updated successfully, but these errors were encountered: