Hi,
at the moment, app passwords look like AAAAA-BBBBB-CCCCC-DDDDD
and users have to enter that exact string as password for their devices/apps.
How about allowing users to enter their app password in lower case? E.g. aaaaabbbbbcccccddddd
should work too. Additionally, omitting the dashes (e.g. AAAAABBBBBCCCCCDDDDD
) could be allowed as well.
@LukasReschke any objections security-wise?
So basically we’re talking about taking 52^20 down to 26^20 which is:
20896178655943101411324274803736576
vs
19928148895209409152340197376
which is 6 orders of magnitude less possibilties.
If this idea is good form a usability PoV I’d say let’s require 25 places then, e.g. AAAAA-BBBBB-CCCCC-DDDDD-EEEEE which amounts to 236773830007967588876795164938469376 possibilities (one order of magnitude higher than the upper and lower case combination)
2 Likes