[keycloak-dev] Update password user experience

Stan Silvert ssilvert at redhat.com
Fri Dec 7 07:52:30 EST 2018


This comes up fairly often and we are planning to do something about 
it.  I suggest that you add your feedback here and vote up the JIRA:
https://issues.jboss.org/browse/KEYCLOAK-7284

Stan

On 12/7/2018 5:44 AM, Guilhem Lucas wrote:
> Hello,
>
> Currently, a user choosing a password that violates password policies is
> notified for the first failing policy only. The user needs several attempts
> to find a valid password by discovering password policies one by one.
> I think that this is a bad user experience that could be enhanced by one of
> the following improvements.
>
> 1 - Display password policies in the update password form
> The account and login Freemarker template provider could be modified to add a
> "policies" attribute in the template context. This could be done by completing
> the RealmBean object with a passwordPolicies property that contains the
> list of enabled password policies.
> This new property could then be used in templates to display password
> requirements.
> For example:
>
> Your password must:
> - contain at least one symbol
> - contain at least one lower case character
> - have 8 characters minimum
> - not be equal to any of the last 3 passwords
>
>
> 2 - Report all failing policies
> Templates are already designed to display a list of errors. Instead of stopping
> password validation on the first policy error, it could be possible to continue
> validating other policies and return a list of errors. This list can be
> added to the template using the existing LoginFormsProvider#setErrors()
> method.
>
> Do you plan to add such an improvement in a future release?
>
> Thank you.
>
> Guilhem Lucas
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
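
The difference between stopping at the first failing policy and reporting every failing policy (proposal 2 above), as an added example that is not part of the original thread and is not Keycloak code. `PolicyCheck`, `Policy` and `rule` are hypothetical names; the three rules mirror the sample requirements in the message, and the password-history rule is left out because it needs stored credentials.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Optional;
import java.util.function.Function;
import java.util.function.Predicate;

// Added illustration: hypothetical types, not Keycloak's policy provider API.
public class PolicyCheck {

    /** One policy: an error message if the password violates it, otherwise empty. */
    interface Policy extends Function<String, Optional<String>> {}

    static Policy rule(Predicate<String> ok, String message) {
        return pw -> ok.test(pw) ? Optional.empty() : Optional.of(message);
    }

    // Constructed rules matching the requirements listed in the message.
    static final List<Policy> POLICIES = Arrays.asList(
        rule(pw -> pw.chars().anyMatch(c -> !Character.isLetterOrDigit(c)),
             "must contain at least one symbol"),
        rule(pw -> pw.chars().anyMatch(Character::isLowerCase),
             "must contain at least one lower case character"),
        rule(pw -> pw.length() >= 8, "must have 8 characters minimum"));

    /** Behaviour the message describes as current: stop at the first failure. */
    static List<String> firstError(String pw) {
        for (Policy p : POLICIES) {
            Optional<String> err = p.apply(pw);
            if (err.isPresent()) return Collections.singletonList(err.get());
        }
        return Collections.emptyList();
    }

    /** Proposal 2: evaluate every policy and return all failures together. */
    static List<String> allErrors(String pw) {
        List<String> errors = new ArrayList<>();
        for (Policy p : POLICIES) p.apply(pw).ifPresent(errors::add);
        return errors;
    }

    public static void main(String[] args) {
        String candidate = "ABC123"; // constructed sample that fails all three rules
        System.out.println("first only: " + firstError(candidate));
        System.out.println("all:        " + allErrors(candidate));
    }
}
```

The returned messages describe the policy only and never echo the candidate password, so the full list can be passed to the form's error display as-is.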
