Low priority Login/Authentication issue/quark.

[paperblankets]

Hi, First off, I've been using Asuswrt-Merlin for quite a few years now and wanted to say thanks to @RMerlin
for all the hard work that has been put into keeping some older, but fully functional if not competitive hardware running very well (Not to mention the constant stream of updates in response to CVEs).

Anyway the reason for this post, is once a year or so, when I roll passwords I end up locking myself out of my router due to a mix of stupidity, and user experience.

The Advanced System Content screen does not list username and password requirements for the user account, which results in me entering a dicephrase username that is over the maximum 20 characters, and a password that is over the maximum 16 characters.
After this, panic ensues as I attempt to figure out what I did. This only seems to happen every 1 in 12 times, but I have to imagine it happens to others too.

Some extra information around the the username and password fields in the Advanced System Content screen could go a long way I think (Without the complicated effort of building some custom widget around the fields that could cause its own issues). If this quark is worth a change or is fine as is, thanks for all the hard work!

 

[RMerlin]

I'll see if limitations could be displayed on the page.

 

[Sephula]

Personally, I use KeePass2 to generate and store random 16 char passwords for my router logins. I highly recommend it, along with the added ability to backup your database to the cloud. Even Dropbox is safe to use, because the database is encrypted prior to transport. You can create password templates in the password generator for each of the different services's requirements. Some allow 20 chars, and some are stuck on 16, so I have different templates for each.

I also use it to generate and store my WPA2 PSKs & SSIDs. In fact, it's beneficial to use random SSIDs, because of the way WPA2 computes you password along with your SSID in order to derive your encryption key. Just keep your maximum PSK length at <= 63. Using the KeePass database, I can easily and securely transfer those keys to all of my devices (Except the TV and IoTs devices). I just copy and paste it. Plus, they all sync to my Dropbox so they all update at once, as soon as I hit the save button.

 

[RMerlin]

Limitation is currently shown if you click on "New Password" to get the popup help. You also have a "Show password" checkbox that allows you to confirm what you just entered.

 

[paperblankets]

Personally, I use KeePass2 to generate and store random 16 char passwords for my router logins. I highly recommend it, along with the added ability to backup your database to the cloud. Even Dropbox is safe to use, because the database is encrypted prior to transport. You can create password templates in the password generator for each of the different services's requirements. Some allow 20 chars, and some are stuck on 16, so I have different templates for each.

I generate my passwords with 1Password, I don't have a problem generating/retrieving/saving them. I have issues with password inputs that simply truncate passwords to meet requirements, instead of disabling submission when the length, or content of the password does not meet requirements. Like I said if I have this issue with Asuswrt-Merlin the impact is pretty minimal, I reread the password requirements, and shorten the password in 1Password manually and the world keeps spinning.