You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In the current state of the Ushahidi platform, when trying to register an account, users are prompted when their passwords are too weak. However, once they hit the minimum character requirements, weak passwords can still create accounts.
How to Reproduce this behavior
Open the Ushahidi platform (either via a deployment or Localhost)
Click on Login & Signup.
Switch to the Signup view and fill in the form (except the password form).
For the password, fill in something that only meets the minimum length constraints but ignores other constraints (for example "adminooo"). Note: you can copy and paste the example.
You will notice that the password hint suggests that your password is very weak.
Agree to the terms and conditions.
Create an account.
Account creation works.
My proposal
When the password is very weak, users should not be allowed to create accounts so as not to undermine their security.
The text was updated successfully, but these errors were encountered:
Introduction
In the current state of the Ushahidi platform, when trying to register an account, users are prompted when their passwords are too weak. However, once they hit the minimum character requirements, weak passwords can still create accounts.
How to Reproduce this behavior
Login & Signup.My proposal
When the password is very weak, users should not be allowed to create accounts so as not to undermine their security.
The text was updated successfully, but these errors were encountered: