When I use MagentoCE2.1.4,in the register page,I input a password likes:Cc-2017010 ,then I see the password strength message shows "Strong".
Then,I change the password to 'Cc-20170109',the password strength turn to 'Medium'
It seem strange,why the password between longer,the strength lower.
I know the magento2 use the password strength validation from https://github.com/dropbox/zxcvbn. The register page password strength validation from js 'vendor/magento/module-customer/view/frontend/web/js/zxcvbn.js',but this js file is too much code.Does anyone know what's the matter of this case,how does it work?Is it the bug?
Thats interesting isn't it! I have had a little look and I wonder if the first password is not being seen as a date but the second one is?
If you look here: https://github.com/dropbox/zxcvbn/blob/master/src/matching.coffee
around line 431 it is talking about a date match. Looks like the script sees a "date" as
date_match: (password) -> # a "date" is recognized as: # any 3-tuple that starts or ends with a 2- or 4-digit year, # with 2 or 0 separator chars (1.1.91 or 1191), # maybe zero-padded (01-01-91 vs 1-1-91), # a month between 1 and 12, # a day between 1 and 31.
Your first password doesn't match this criteria but the second one does.
What do you think?
@Stu583 thanks!It's mainly the last 8 numbers match the date_match,so the password strength is degraded,but I also find it's not always the date will result in the password strength degrades,such as password 'cC-ioajfff20170801' is strength is same as 'cC-ioajfff2017080'.May be it matches other checkers,I'm not very clear of the password strength check code,they seem complexer and stronger.