Greetings, All,
I realize that this is a new feature in beta, but the documentation for new password generation (Password AutoFill) seems somewhat incomplete and inconsistent. I'm filing a bug report, but I'm hoping someone might be able to shed some light here. I'm referring to the following documents:
- Password Rules Validation Tool:
https://developer.apple.com/password-rules/ - Password Rules Documentation:
https://developer.apple.com/documentation/security/password_autofill/customizing_password_autofill_rules
- Question: How can square brackets be included as members of a custom <character-class>? Escaping with backslashes doesn't seem to help (at least, it's not accepted as valid by the Password Rules Validation Tool).
- Question: How does the
option actually function? The word "consecutive" can have a few interpretations; it can indicate a repetition of the same character, but it can also imply a run of sequential characters. For example, if I includemax-consecutive:
max-consecutive: 2;
in my rule descriptor string, which of the following would be rejected?
AAA, ABC, 111, 123, ###, #$%
- Issue: The Documentation for
,max-consecutive:
, andmaxlength:
is either scrambled or missing. For example, theminlength:
reference says that it lets you specify the number of consecutive characters, but then later implies that it controls the maximum overall length of the password.max-consecutive:
- Issue: The
option is undocumented, and is only shown in the samples below the reference.minlength:
- Issue: The
option is not documented, nor can it be found in the samples below the reference. The only way to learn of its existence is to enable the option in the Password Rules Validation Tool.maxlength:
- Issue: The syntax "form" in the gray box in the Documentation's Overview section is incomplete. For example, it does not include either
ormaxlength:
as possible options. Do additional options exist that are completely undocumented?minlength:
- Issue: In the Password Rules Validation Tool, it is not actually possible to validate a password against the rules. That is, you can output a list of valid passwords, but you can not enter one (or a list) for validation.
- Issue: Some systems would prefer to blacklist certain character group identifiers, or disallow individual characters included in those groups. A
option should be available in addition torejected:
andallowed:
.required:
Thanks for reading, and for any help you can provide... typing it all out helped me identify the issues. Next stop, RADAR!