+1
Declined
Password character count
Wouter van der Post 7 jaar geleden
in Applications / i3 Pro
•
bijgewerkt door Aleksandr Romanov (CTO) 7 jaar geleden •
7
Hello,
In version 1.1.6 you've added a function to validate passwords (IR.ValidatePassword), thanks for that!
In our passcode visualization we have circles to show the keys pressed, this works exactly like on an iPhone.
Can you add a function to get the password character count? I can use that to build the screen layout.
Sample
var passwordLength = IR.GetPasswordCount(pwd_number);
If in the project settings the password is not specified, the method will return -1;
Customer support service by UserEcho
Alexander,
Please can you answer this question?
Wouter is waiting for it.
Thanks
Theo
Hello,
we discus it with Wouter on ISE.
It's not a good solution to suggest the length of the password to the user. Because prompting the length of the password we simplify the task of password selection by an attacker.
We not have any plans to implement this features.
Hello Aleksandr,
Yes, we discussed it but at that time you didn't tell me that you were not going to implement this feature.
On an Apple device you also see the length of the password (using the same interface as I've built), and I don't think a company like Apple would implement something like that if it was a security issue...
Besides, we're talking about a touchscreen interface, not a banking application ;)
If you compare with Apple, then:
1. Apple does not give applications the ability to know how many characters in the password ;)
2. Security is achieved by blocking after several attempts.
I think that the smart home application is more dangerous than the banking one - because unauthorized management of the house is not only a matter of privacy of information, but also a real threat to life.
1. I'm talking about the lockscreen, not an app.
2. This feature can be build as well, call the new ValidatePassword several times with an incorrect password and let i3 wait for x-time (increasing after each failed attempt)
But I'll just keep my own JS to handle/serve the password UI instead of using the ValidatePassword function + i3 Pro built-in password management, this way the password is in plain text inside the JavaScript... much nicer solution right?
Of course not, I agree that it's better to use internal application methods. But understand that, in addition to you, no one asked about this possibility. This is a matter of priorities and if only one person asks for a new opportunity, and in the past six months no one has addressed such a request, any doubt of expediency (and a security issue is a good "doubt") lead to the cancellation of the task.
EDIT: I misunderstand the topic
code below is just password length of what user input
#####################################
I solve it this way: