Easy-to-read and pronounceable policy hides "at least n" controls
Popular easy-to-use and secure password manager
Brought to you by:
ronys
Menu
▾
▴
#1231 Easy-to-read and pronounceable policy hides "at least n" controls
In Password Safe v3.35, on Windows 7 Ultimate, SP1, 64-bit ...
When editing a password policy if I tick Easy-to-read or Pronounceable, the "at least n" controls are hidden (not just grayed/read-only). This is seems unlikely to be by design, because:
- in most other similar scenarios (eg tick Hexadecimal), relevant controls are disabled rather than hidden
- even with easy-to-read or pronounceable passwords I might still want to specify the minimum number of each upper case, lower case, digits, symbols
I've made the following changes in commit 77689a1:
- Controls are disabled, not hidden, giving a more uniform behavior.
- easy-to-read works with "at least". Unfortunately, this isn't possible for pronounceable passwords, so that constraint remains.
http:/pwsafe.org/tmp/pwsafe-3.35.1.exe updated, please give it a spin.
With 3.35.1.exe from https://sourceforge.net/p/passwordsafe/bugs/1231/#e59d ...
(All tests here were done with Ctrl-P to generate password, unless stated otherwise.)
Enabling Easy-to-read or Pronounceable leaves the controls visible, and Pronounceable disables "at least", as expected. However:
- If Pronounceable is ticked, then Use Lowercase etc is unticked then reticked, the "at least" control is re-enabled (but apparently ignored).
Probably related:
I have Easy-to-read and Pronounceable unticked, and only Digits ticked. (All numeric passwords are generated, as expected.)
I try to tick Pronounceable and it says "must contain lower or upper or both" - fair enough, so I tick Use Upper, then Pronounceable, and generate a few passwords. It seems to work as expected.
Then I untick Use Uppercase again, leaving Pronounceable ticked. No messagebox tells me that this is not allowed. Generate a few passwords - they all have lower case letters (which is not ticked) and digits.
(I can also do the same sequence to set the default policy to Pronounceable, digits only, but get lower case letters in my passwords.)
Possibly you need to call the "consistency check" function to check ALL controls when ANY control is changed. (I'm a software engineer myself, so I know this sort of sanity checking is not fun!)