Detect failure to pass Password Policy

ken1 · 2024-12-14T15:40:21.431Z

I am planning to use a password policy. If I later change the policy to make it more strict, then current passwords will fail.

Right now, if that happens, I am redirecting the user to the index page. But is there some way to detect that this has occurred so that I can present the user with information about why they were redirected there? Or do I need to build a use specific page to reset the password and redirect to that page?

Basically, I’m asking if there is a way to detect when Bubble rejects a password for not meeting the password policy set in the app.

Thanks!

rico.trevisan · 2024-12-14T16:07:26.381Z

I wonder if you’re looking for something like this: https://nocode-to-knowcode.bubbleapps.io/version-test/password_checker

ken1 · 2024-12-14T16:14:13.311Z

Thank you for the reply. That’s not exactly what I’m asking. I actually found this article from a different post in this forum:

nocodable-components.com

How to build a bubble.io password strength indicator ? (without plugin) -...

In this article you will learn how to implement a password policy in Bubble and how to create a password strength indicator for your users, without any plugin.

What I’m asking is this:

If I make my policy more stict AND the redirect is set to either the index page or my password reset page, I want to give the user feedback about why they were redirected there.

We updated our Password Policy to make your account safer. Please create a new password to continue using the app.

Or something like that. But it should not say this, of course, if they simply choose to change their password on their own. So, how can I detect that Bubble has rejected a password because it did not meet the current password policy? This is where I’m stuck.

Thanks.

I just looked at your example. Nice! I like this better than the implementation in the article. I assume you don’t mind if I model my app’s password checker on it (since you posted it)?

Thanks.

georgecollier · 2024-12-14T21:08:27.896Z

You cannot know if an existing user’s password doesn’t meet your new password policy, because you cannot know their actual password (a password isn’t stored as a text - roughly speaking, it’s hashed, and when you enter your password, that’s also hashed so you compare the hashes rather than the password).

ken1 · 2024-12-14T22:27:15.631Z

Thanks for the reply. Of course I know I can’t get the password, nor do I want to. But if I change my policy and a user does not yet meet that policy, then Bubble will reject it and redirect them to the page I assign (where they can reset their password and pick one that does conform).

My question is how can I check if they arrived at that page because Bubble rejected the new password.

Here is another scenario:

They are not logged in.
I change the policy.
They attempt to login.
They are redirected back to the index page (because they are not logged in and should not have a “reset” password page in case they are not the actual user for that account.)

In this case, the screen just stays on the index page and the user has no idea why. I need some sort of flag so I can provide information that they need to update their password. Does Bubble have anything in this process to indicate that the password did not meet the policy that I can use to know when to provide the user with more information?

If not, how are others handling this?

georgecollier · 2024-12-14T22:35:19.467Z

ken1:

I change the policy.

They attempt to login.

They are redirected back to the index page (because they are not logged in and should not have a “reset” password page in case they are not the actual user for that account.)

Are you sure this is what happens? I doubt password policy changes will prevent a user from logging in, but I’ve never tried.

boston85719 · 2024-12-15T04:09:03.229Z

How to verify a password input Tips

I wanted to share what I put together for verifying a password. I spent some time looking through blog posts about proper user experience design for forms And took that suggestion numbers 14,15,16 and 17 would help users greatly when signing up and creating a password according to the settings I’ve placed on my app. [Screen Shot 2020-01-14 at 3.25.34 PM] This is what I came up with: [password verify] My intention on this tip is not to provide all steps, but rather the things I found to b…

ken1 · 2024-12-16T21:56:24.712Z

georgecollier:

Are you sure this is what happens? I doubt password policy changes will prevent a user from logging in, but I’ve never tried.

The reason I created this post is because this is exactly what happened. It didn’t occur right away because I had the “Stay Logged In” set to Yes.

But once that cycle required the user (me) to re-enter my password, I was on the login page and every time I submitted my username/password, it just kept me on the login page (which is my Index page – also the page that the user was redirected to when they have not changed their password).

So I was looking for a way to detect when this mechanism has been triggered so that I can inform the user about what to do.

I think I’ll just need to create a new page for resetting the password when they are redirected and it can have the instructions there. I do already have a password reset page, but right now the user gets to that when they elect to reset their password, or forgot it. I just wanted to have a way to inform the user.

Of course, I will announce password policy changes if I set those, but we all know that not everyone reads the emails or looks at the in-app notices.

Anyhow, thanks everyone for the help.

boston85719 · 2024-12-17T06:14:47.506Z

ken1:

I just wanted to have a way to inform the user.

Use the approach in the link I posted. It is a solid approach to showing the user the password policy (I hate it when a password I enter doesn’t meet a sites policy but they don’t tell the policy) as well as showing them when they have completed each portion of the policy individually and avoids errors by detecting spaces in the password.