Wednesday, July 25, 2018

Password Rules / UITextInputPasswordRules

Mattt Thompson:

WebKit engineer Daniel Bates submitted this proposal for consideration to the WHATWG on March 1st. On June 6th, the WebKit team announced Safari Technology Preview Release 58, with support for strong password generation using the new passwordrules attribute. This announcement coincided with the release iOS 12 beta SDKs at WWDC, which included a new UITextInputPasswordRules API, along with a number of other password management features, including Security Code AutoFill and federated authentication.


Apple’s Password Rules Validation Tool allows you to experiment with different rules and get real-time feedback of their results. You can even generate and download passwords by the thousands to use during development and testing!


On iOS, you set the passwordRules property of a UITextField with a UITextInputPasswordRules object (you should also set the textContentType to .newPassword while you’re at it)[…]

Previously: Minimum Password Lengths.

2 Comments RSS · Twitter

I am right being afraid that this encourages more websites to specify these convenient rules, telling me that a 8-char pw with upper and lower case alphas, digits and symbols is required even though my 3-random-word pw is just as good, and easier to type, but I can't use it due to those too-specific rules?

The idea is that you don't type these passwords at all — they get generated and stored in a password manager (including Apple's own). This saves you having to carefully adjust the password generation rules in your password manager to match the Web site’s.

The issue of overly prescriptive password rules is pretty much independent and unfortunately will take quite a bit more "unlearning".

Leave a Comment