Discuss Scratch

  • Discussion Forums
  • » Suggestions
  • » Verifying password strength before creating a new account and raising minimum password length to 8 or 9 [RSS Feed]
NilsTheBest
Scratcher
1000+ posts

Verifying password strength before creating a new account and raising minimum password length to 8 or 9

It might not sound like a priority, but I do think that it is something that could be implemented for the safety of thousands. Alright, so after a bit of research, I've noticed that a lot of people still use “password” or “123456” or other similar awfully bad passwords… in 2018.
I think that when we're making a password and it is too weak, there should be a popup saying:

I know that it already says that your password can't be “password”, but it will let it be “123456”, “passw0rd”, “password123”, “wordpass”, “enterr”, “letmein”, etc. There could perhaps be a database of weak passwords, and if what we entered is in it, the box appears. I strongly recommend checking out Cracklib.

Also, I have another suggestion. I see that you made it so that passwords have to be at least 6 characters long. That's good! - but not good enough.
For a long time, the common thinking was that the best, most practical passwords consisted of a random combination of upper and lower-case letters, numbers, and a special character or two. If so composed, password length needed to be only eight characters.

Randomness remains important, but as it turns out, size matters more.

Source: here

According to the website above, “A password today should have a minimum of 12 characters, and ideally, 16 or even more.” Although what is said there is true, it is estimated that it could take a supercomputer up to 5 hours to guess an 8-character long password nowadays. Plus, computers are getting better and better; don't forget that technology is evolving! Perhaps in 10 years, it could take 5 minutes to guess an 8-character long password.
So, that being said, I think that we should raise the minimum password length to 8 (or even 9) characters too.

Last edited by NilsTheBest (Jan. 1, 2019 00:53:54)

adsuri
Scratcher
1000+ posts

I agree with this. It could definitely stop/restrict hackers, too.
kritav
Scratcher
100+ posts

I agree. But Scratch is mostly kids so I guess they thought that they might forget their password. This happens very often. But I agree. This will stop people from hacking others' accounts.
NilsTheBest
Scratcher
1000+ posts

kritav wrote:

I agree. But Scratch is mostly kids so I guess they thought that they might forget their password. This happens very often. But I agree. This will stop people from hacking others' accounts.
“correct horse battery staple” is very long and very hard to guess, but really easy to remember.
Edit: or they should add to the box a link to this: https://en.scratch-wiki.info/wiki/Password which explains how to make an easily rememberable password that is nevertheless very strong.

Last edited by NilsTheBest (Nov. 21, 2018 19:15:42)

CKCG
Scratcher
100+ posts

kritav wrote:

I agree. But Scratch is mostly kids so I guess they thought that they might forget their password. This happens very often. But I agree. This will stop people from hacking others' accounts.
Most popular web browsers (Google, etc., etc.) as well as devices nowadays will store your passwords, so that's not a problem. I agree that brute forcing passwords is common (not sure why hackers would want to hack Scratch accounts but sure) so, I support.
CKCG
Scratcher
100+ posts

What does Cracklib do? (I can't download it, this is a school computer)
Edit: Just clicked the source file and saw the description, I get it now

Last edited by CKCG (Nov. 21, 2018 20:01:17)

NilsTheBest
Scratcher
1000+ posts

CKCG wrote:

(not sure why hackers would want to hack Scratch accounts)
Me neither, to be honest. But we can still go around and try hacking really young people by trying to log in by typing “123456”, “passw0rd”, all that stuff. I know that the odds of being hacked remain low, but implementing this would probably lower the odds even more.
duckboycool
Scratcher
1000+ posts

Definitely a no support if it's going to be requiring that your password is strong in order to sign up. Maybe with that database of very bad passwords, but oftentimes people use one password for multiple or all sites they have a password on, and forcing them to make up a new one is problematic if multiple sites do it, so I wouldn't want Scratch to be contributing there. But I'll support for a suggestion to use a stronger password, and not allowing things like password.
TheAdriCoolManDude
Scratcher
1000+ posts

Holy Cow, this topic reminded me to change my password
Anyways, Support. It could easily stop hackers who think it's funny to fool kids' minds with hacking. As technology is getting better and better, we need strong passwords, and I think this would help.
NilsTheBest
Scratcher
1000+ posts

duckboycool wrote:

Definitely a no support if it's going to be requiring that your password is strong in order to sign up. Maybe with that database of very bad passwords, but oftentimes people use one password for multiple or all sites they have a password on, and forcing them to make up a new one is problematic if multiple sites do it, so I wouldn't want Scratch to be contributing there. But I'll support for a suggestion to use a stronger password, and not allowing things like password.
Gotcha. Perhaps instead of a big database, there would just be a list of like the ~1K most commonly used passwords. Same thing, you can't let your password be part of that list. Would that be a better compromise?
Edit: as well as raising the minimum password char count to 8?

TheAdriCoolManDude wrote:

Holy Cow, this topic reminded me to change my password
lol was your password “password”? XD

Last edited by NilsTheBest (Nov. 22, 2018 21:34:53)
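
The check proposed in the opening post and narrowed in the post above (a short list of common passwords plus a minimum length of 8), as an added example that is not part of the thread and is not Scratch's or CrackLib's code. The list contents and the names `COMMON_PASSWORDS`, `squeeze`, `candidate_forms` and `check_password` are assumptions made for illustration; it goes slightly beyond an exact list lookup so that the variants named in the opening post (“passw0rd”, “password123”, “wordpass”, “enterr”) are also caught.

```python
import itertools
import string

MIN_LENGTH = 8  # the thread proposes raising the minimum from 6 to 8 (or 9)

# Constructed sample standing in for the "~1K most commonly used passwords" list.
COMMON_PASSWORDS = {"password", "123456", "12345678", "letmein", "enter", "qwerty"}

# Undo common character substitutions, e.g. "passw0rd" -> "password".
LEET = str.maketrans("0134579@$!", "oleastgasi")


def squeeze(text):
    """Collapse runs of a repeated character: "enterr" -> "enter"."""
    return "".join(ch for ch, _ in itertools.groupby(text))


# Compare in squeezed form so "password" (double s) still matches itself.
SQUEEZED_COMMON = {squeeze(p) for p in COMMON_PASSWORDS}


def candidate_forms(password):
    """Yield simplified spellings of the password to test against the list."""
    base = password.lower()
    # Drop trailing digits and symbols: "password123" -> "password".
    trimmed = base.rstrip(string.digits + string.punctuation)
    for form in {base, trimmed, base.translate(LEET), trimmed.translate(LEET)}:
        # Rotations catch swapped halves such as "wordpass".
        for i in range(len(form)):
            yield form[i:] + form[:i]


def check_password(password):
    """Return a list of problems; an empty list means the password is accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if any(squeeze(f) in SQUEEZED_COMMON for f in candidate_forms(password)):
        problems.append("too common")
    return problems
```

A signup form would show the warning box whenever `check_password` returns a non-empty list; a long passphrase such as “correct horse battery staple” passes both checks.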

TheAdriCoolManDude
Scratcher
1000+ posts

NilsTheBest wrote:

duckboycool wrote:

Definitely a no support if it's going to be requiring that your password is strong in order to sign up. Maybe with that database of very bad passwords, but oftentimes people use one password for multiple or all sites they have a password on, and forcing them to make up a new one is problematic if multiple sites do it, so I wouldn't want Scratch to be contributing there. But I'll support for a suggestion to use a stronger password, and not allowing things like password.
Gotcha. Perhaps instead of a big database, there would just be a list of like the ~1K most commonly used passwords. Same thing, you can't let your password be part of that list. Would that be a better compromise?

TheAdriCoolManDude wrote:

Holy Cow, this topic reminded me to change my password
lol was your password “password”? XD
No, it was actually a 7-character long password of my old YT channel I deleted so I could make a fresh start one day.
CKCG
Scratcher
100+ posts

TheAdriCoolManDude wrote:

No, it was actually a 7-character long password of my old YT channel I deleted so I could make a fresh start one day.
lol
willowmint-
Scratcher
500+ posts

Support! This suggestion would be very useful to make Scratch safe from hackers, and it would be good practice for kids to get in the habit of using strong passwords, so they can be safe on other websites too
NilsTheBest
Scratcher
1000+ posts

willowmint- wrote:

and it would be good practice for kids to get in the habit of using strong passwords, so they can be safe on other websites too
This is especially what I think one of the consequences would be if it was implemented.

Last edited by NilsTheBest (Nov. 22, 2018 22:38:05)

willowmint-
Scratcher
500+ posts

NilsTheBest wrote:

willowmint- wrote:

and it would be good practice for kids to get in the habit of using strong passwords, so they can be safe on other websites too
This is especially what I think one of the consequences would be if it was implemented.
Yep! Overall it would make the internet a safer place
YubNubEwok
Scratcher
1000+ posts

Semi-support

I support because of how this can stop hacking.

duckboycool wrote:

Definitely a no support if it's going to be requiring that your password is strong in order to sign up. Maybe with that database of very bad passwords, but oftentimes people use one password for multiple or all sites they have a password on, and forcing them to make up a new one is problematic if multiple sites do it, so I wouldn't want Scratch to be contributing there. But I'll support for a suggestion to use a stronger password, and not allowing things like password.

No support because of this. ^^^^^
NilsTheBest
Scratcher
1000+ posts

YubNubEwok wrote:

Semi-support

I support because of how this can stop hacking.

duckboycool wrote:

Definitely a no support if it's going to be requiring that your password is strong in order to sign up. Maybe with that database of very bad passwords, but oftentimes people use one password for multiple or all sites they have a password on, and forcing them to make up a new one is problematic if multiple sites do it, so I wouldn't want Scratch to be contributing there. But I'll support for a suggestion to use a stronger password, and not allowing things like password.

No support because of this. ^^^^^
As I stated earlier,

NTB wrote:

Perhaps instead of a big database, there would just be a list of like the ~1K most commonly used passwords. Same thing, you can't let your password be part of that list. Would that be a better compromise?
NilsTheBest
Scratcher
1000+ posts

bump

original bump, right?

Last edited by NilsTheBest (Dec. 6, 2018 22:09:01)

PrincessFlowerTV
Scratcher
1000+ posts

NilsTheBest wrote:

bump
Beautiful image. I may use it.
NilsTheBest
Scratcher
1000+ posts

Happy new year by the way :)
Lies, don't look at the date, it's 2019 where I am

Last edited by NilsTheBest (Jan. 1, 2019 00:35:09)
