Increase password readability

This CL increases password readablity by preventing sequences of -- and __ which are rendered as long strokes in some fonts. At the same time it adds some new special characters that are "not scary" ('!' and ':'). Bug: 846694 Change-Id: I19d5b9007725943ac8eafe512339ef85a8c232e5 Reviewed-on: https://chromium-review.googlesource.com/1101208 Commit-Queue: Dominic Battré <battre@chromium.org> Reviewed-by: Vaclav Brozek <vabr@chromium.org> Cr-Commit-Position: refs/heads/master@{#567632}

Increase password readability
This CL increases password readablity by preventing sequences of -- and __ which are rendered as long strokes in some fonts. At the same time it adds some new special characters that are "not scary" ('!' and ':'). Bug: 846694 Change-Id: I19d5b9007725943ac8eafe512339ef85a8c232e5 Reviewed-on: https://chromium-review.googlesource.com/1101208 Commit-Queue: Dominic Battré <battre@chromium.org> Reviewed-by: Vaclav Brozek <vabr@chromium.org> Cr-Commit-Position: refs/heads/master@{#567632}
5f6bbe88 · Dominic Battre · Commit Bot · 5a49da30 · 5f6bbe88
Commit 5f6bbe88 authored Jun 15, 2018 by Dominic Battre Committed by Commit Bot Jun 15, 2018
Show whitespace changes
Inline Side-by-side

Showing with 17 additions and 2 deletions

components/autofill/core/browser/password_generator.cc components/autofill/core/browser/password_generator.cc +17 -2

No files found.
--- a/components/autofill/core/browser/password_generator.cc
+++ b/components/autofill/core/browser/password_generator.cc
@@ -33,7 +33,7 @@ constexpr char kUpperCaseChars[] = "ABCDEFGHJKLMNPQRSTUVWXYZ";
 constexpr char kAlphabeticChars[] =
    "abcdefghijkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ";
 constexpr char kDigits[] = "23456789";
-constexpr char kSymbols[] = "-_.";
+constexpr char kSymbols[] = "-_.:!";

 // Returns a default password requirements specification that requires:
 // - at least one lower case letter
@@ -71,6 +71,16 @@ PasswordRequirementsSpec BuildDefaultSpec() {
  return spec;
 }

+// Returns whether the password is difficult to read because it contains
+// sequences of '-' or '_' that are joined into long strokes on the screen
+// in many fonts.
+bool IsDifficultToRead(const base::string16& password) {
+  return std::adjacent_find(password.begin(), password.end(),
+                            [](auto a, auto b) {
+                              return a == b && (a == '-' || a == '_');
+                            }) != password.end();
+}
+
 // Generates a password according to |spec| and tries to maximze the entropy
 // while not caring for pronounceable passwords.
 //
@@ -177,7 +187,12 @@ base::string16 GenerateMaxEntropyPassword(PasswordRequirementsSpec spec) {

  // So far the password contains the minimally required characters at the
  // the beginning. Therefore, we create a random permutation.
+  // TODO(crbug.com/847200): Once the unittests allow controlling the generated
+  // string, test that '--' and '__' are eliminated.
+  int remaining_attempts = 5;
+  do {
    base::RandomShuffle(password.begin(), password.end());
+  } while (IsDifficultToRead(password) && remaining_attempts-- > 0);

  return password;
 }