Getting Qualified Passwords for Ameli.fr
Password requirements of Ameli.fr (French national health insurance)
- The password must be more than eight characters, but you cannot use more than 13 characters.
-
You can only use digits.
-
You cannot use your birthdate or your login.
-
You cannot use a sequence of numbers (if your password happens to contain 56 or 89, it will be rejected). You cannot repeat the same character (if your password includes 22 or 55, it will be left)
Each password manager gets ten stars at the beginning and has ten times to generate suitable passwords. They will lose one star for one unqualified password, two stars for two unqualified passwords, and so on. They might also lose extra stars due to its inconvenient setting.
Setting process of each password managers
Bitwarden: 0 star
It lost 10 stars (10 stars for 10 failures).
When generating password, users first needed to change the password length to 12. Honestly, it was annoying to drag the thumb of the seekbar to the exact numbers(lost 1 star here).
Then we only chose digits as password components. However, no one password was qualified since there were always the same numbers.
Enpass: 0 star
It lost 10 stars (10 stars for 10 failures).
A similar situation can be seen in Enpass. What difference were users needed to change the digits number to 12 exactly besides choosing the digits as the password components. Otherwise, there might be passwords mixed with letters and digits. No qualified passwords at all since there was always a sequence of characters or the same numbers in passwords.
LastPass: 0 star
It lost 10 stars (10 stars for 10 failures).
There were no qualified passwords since there was a sequence of numbers or the same characters.
KeePassium: 0 star
It lost 10 star (for 10 failures).
When generating passwords, we only chose digits as passwords and set the maximum number of identifical characters repeating as one. Although there was no repeat numbers like “33” in the passwords, there existed numbers like “23” or “54” in ten times trying.Therefore, there were no qualified passwords.
KeePass DX: 0 score
It lost 10 stars(for 10 failures).
Chose digits as password components to generate passwords, and there were no qualified passwords.
KeePass XC: 0 score
It lost 10 stars (for 10 failures).
The same situation (in KeePass DX) can be seen in KeePass XC, so it also lost 10 stars for 10 failures.
Zero Password Manager: 1 star
It lost 9 stars (9 stars for 9 failures).
Zero password managers can stop the same characters on the passwords by not choosing the pattern aa. Therefore there did no exist the same characters in passwords. However, there always still exists a sequence of numbers in passwords. Luckily, Zero Password Manager generated one qualified password (See picture below).
