Feature request: instead of asking users to enter a password for new/reset password creation, or as a button to simplify the process, could we have something that would suggest a good strong password?
Description
Event Timeline
@dr0ptp4kt: I'm looking at https://phabricator.wikimedia.org/T100706 and https://phabricator.wikimedia.org/T173055 and wonder if this task is somehow related. Or not. Care to elaborate? (In general, tasks with no task description at all make it hard to get a grip, especially a few years later.)
@Aklapper, both @aaron and @KevlarEnvelope capture an essence similar to my thought around CAPTCHAs and rate limiting.
The suggested password thing: I've wondered if instead of asking users to enter a password for new/reset password creation we could just have something that would suggest a good strong password instead, so they could copy-paste it. But I don't know if from a UX perspective this might be acceptable (@Nirzar ?), or even if designed well it would be passable from an appsec perspective (@dpatrick ?).
Should I rename this task to "Suggest strong passwords" and move the content to the main Description?
@dr0ptp4kt: Might make it a bit clearer what this task is about (and how it's related to other existing tasks), yesh! :)