Bug #20740
openAll error messages for weak user password should be generated as 'warning' not as 'error'
Description
Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1450051
Description of problem:
while creating a new user when you enter a weak password like:
Scenario 1
Login: Test_User
Password: Test_User
Error_Message: "Your password cannot contain your username"
Scenario 2
Login: Test_User
Password: 1
Error_Message: "Your password is too short"
Scenario 3
Login: Test_User
Password: 1234567
Error_Message: "Your password contains sequences"
so generated message shouldn't be in "Red" color. This is because generally all error messages appears in red. So color should be orange or something but not red. Moreover, even the message appears, on clicking submit button, user is being created. So considering this that message should be just a warning.
And best part would be to add "warning" keyword before all such messages. And messages should be rephrased w/ "should"
like: Warning: Your password should contains sequences
like: warning: Your password should not contain your username
Thanks Alex for pointing this issue.
Additional info:
From UX demo, following was captured: Password authorization - Weak/Normal/Strong visualization would not pass 528 compliance for those visually impaired. The colors associated with each strength level seems mismatched. For example: Normal is red. A red status as well as form field highlight indicates an error. Weak is grey, and also possibly not high enough contrast for the visually impaired. The solution may be to simplify the password strength to text only, “Weak Password, Strong Password”. Also - greater thought or discussion could be had around “Normal” or “Strong”. If a “Normal” indicator is shown, does this actually change user behavior in the same way “Weak” does? Perhaps only “weak” is needed.