{"id":1183,"date":"2015-09-12T20:59:10","date_gmt":"2015-09-13T01:59:10","guid":{"rendered":"http:\/\/osric.com\/chris\/accidental-developer\/?p=1183"},"modified":"2015-09-12T20:59:10","modified_gmt":"2015-09-13T01:59:10","slug":"password-form-usability-duke-energy","status":"publish","type":"post","link":"https:\/\/osric.com\/chris\/accidental-developer\/2015\/09\/password-form-usability-duke-energy\/","title":{"rendered":"Password Form Usability: Duke Energy"},"content":{"rendered":"

When you’re singing up with any online service, picking a password is always trouble. What weird password requirements does this service have? Tonight I had that question with Duke Energy’s sign-up form. Fortunately, they had a Help icon that described the password rules:<\/p>\n

\"Duke<\/a>
Text reads: Password are case-sensitive and must contain at least eight letters or numbers.<\/figcaption><\/figure>\n

OK, minimum of 8 alphanumeric characters. Easy enough.<\/p>\n

I use Password Safe<\/a> as my password manager. I have no idea what any of my passwords are: they are auto-generated random strings. I generated a new random password and entered it into the form:<\/p>\n

\"Duke<\/a>
Text reads: Must be at least eight characters, contain one letter and one number and no special characters.<\/figcaption><\/figure>\n

OK, so the password rules are a little different than what was initially described. But which symbols are special characters<\/em>? And this screen is sending mixed-messages: if the password strength is rated Strong, why is it not valid?<\/p>\n

I updated the password generation rules in Password Safe to generate a new password, assuming that only alphanumeric characters are allowed:<\/p>\n