Bug #20740

All error messages for weak user password should be generated as 'warning' not as 'error'

Added by Marek Hulán over 1 year ago. Updated 11 months ago.

Target version:
Bugzilla link:
Pull request:
Team Backlog:
Fixed in Releases:
Found in Releases:


Cloned from

Description of problem:

while creating a new user when you enter a weak password like:

Scenario 1
Login: Test_User
Password: Test_User
Error_Message: "Your password cannot contain your username"

Scenario 2
Login: Test_User
Password: 1
Error_Message: "Your password is too short"

Scenario 3
Login: Test_User
Password: 1234567
Error_Message: "Your password contains sequences"

so generated message shouldn't be in "Red" color. This is because generally all error messages appears in red. So color should be orange or something but not red. Moreover, even the message appears, on clicking submit button, user is being created. So considering this that message should be just a warning.

And best part would be to add "warning" keyword before all such messages. And messages should be rephrased w/ "should"

like: Warning: Your password should contains sequences

like: warning: Your password should not contain your username

Thanks Alex for pointing this issue.

Additional info:

From UX demo, following was captured: Password authorization - Weak/Normal/Strong visualization would not pass 528 compliance for those visually impaired. The colors associated with each strength level seems mismatched. For example: Normal is red. A red status as well as form field highlight indicates an error. Weak is grey, and also possibly not high enough contrast for the visually impaired. The solution may be to simplify the password strength to text only, “Weak Password, Strong Password”. Also - greater thought or discussion could be had around “Normal” or “Strong”. If a “Normal” indicator is shown, does this actually change user behavior in the same way “Weak” does? Perhaps only “weak” is needed.

Related issues

Related to Foreman - Refactor #21170: move password_strength.js file to webpackClosed2017-10-02


#1 Updated by Tomáš Strachota over 1 year ago

  • Subject changed from All error messages for weak user password should be generated as 'warning' not as 'error' to All error messages for weak user password should be generated as 'warning' not as 'error'
  • Target version set to 115

#2 Updated by Ohad Levy over 1 year ago

  • Related to Refactor #21170: move password_strength.js file to webpack added

Also available in: Atom PDF