Upgrade to Pro — share decks privately, control downloads, hide ads and more …

「推測されやすい」パスワードを入力させないためにフロントエンドエンジニアができること

Sponsored · Your Podcast. Everywhere. Effortlessly. Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
Avatar for uidev uidev
August 27, 2023
Programming
13
6.4k

 「推測されやすい」パスワードを入力させないためにフロントエンドエンジニアができること

2023/08/26(土)に開催された Frontend Nagoya #11
のセッションで使用したスライド資料です。

Avatar for uidev

uidev

August 27, 2023
Tweet

More Decks by uidev

See All by uidev
もう ChatGPT からコピペしない!Cursor で実現する AI コーディング術
Avatar for uidev uidev1116
0
57
CMSの現状を知って広がるWordPressだけじゃないWebサイト制作の選択肢
Avatar for uidev uidev1116
0
97
ふむふむと聞くだけで明日から使える! a-blog cmsの小技集
Avatar for uidev uidev1116
0
47
ここを教えてほしかった!初めての a-blog cms
Avatar for uidev uidev1116
0
39

Other Decks in Programming

See All in Programming
Migration to Signals, Signal Forms, Resource API, and NgRx Signal Store @Angular Days 03/2026 Munich
Avatar for Manfred Steyer manfredsteyer
PRO
0
130
へんな働き方
Avatar for Yusuke Wada yusukebe
5
2.8k
どんと来い、データベース信頼性エンジニアリング / Introduction to DBRE
Avatar for nnaka2992 nnaka2992
1
320
Fundamentals of Software Engineering In the Age of AI
Avatar for Dan Vega therealdanvega
2
290
Feature Toggle は捨てやすく使おう
Avatar for gennei gennei
0
240
DevinとClaude Code、SREの現場で使い倒してみた件
Avatar for karia/Y.Hisamatsu karia
1
1.1k
CS教育のDX AIによる育成の効率化
Avatar for ニフティ株式会社 niftycorp
PRO
0
150
nuget-server - あなたが必要だったNuGetサーバー
Avatar for Kouji Matsui kekyo
PRO
0
390
飯MCP
Avatar for Yusuke Wada yusukebe
0
150
Kubernetesでセルフホストが簡単なNewSQLを求めて / Seeking a NewSQL Database That's Simple to Self-Host on Kubernetes
Avatar for nnaka2992 nnaka2992
0
170
Laravel Nightwatchの裏側 - Laravel公式Observabilityツールを支える設計と実装
Avatar for Ryuta Hamasaki avosalmon
1
140
ベクトル検索のフィルタを用いた機械学習モデルとの統合 / python-meetup-fukuoka-06-vector-attr
Avatar for monochromegane monochromegane
2
510

Featured

See All Featured
Everyday Curiosity
Avatar for Cassini Nazir cassininazir
0
170
GraphQLとの向き合い方2022年版
Avatar for Yosuke Kurami quramy
50
14k
Claude Code どこまでも/ Claude Code Everywhere
Avatar for nwiizo nwiizo
64
54k
Conquering PDFs: document understanding beyond plain text
Avatar for Ines Montani inesmontani
PRO
4
2.5k
The Art of Programming - Codeland 2020
Avatar for Erika Heidi erikaheidi
57
14k
Avoiding the “Bad Training, Faster” Trap in the Age of AI
Avatar for Mike Taylor tmiket
0
110
Chasing Engaging Ingredients in Design
Avatar for Sebastian Deterding codingconduct
0
150
JavaScript: Past, Present, and Future - NDC Porto 2020
Avatar for David Neal reverentgeek
52
5.9k
Lessons Learnt from Crawling 1000+ Websites
Avatar for Charles Meaden charlesmeaden
PRO
1
1.2k
YesSQL, Process and Tooling at Scale
Avatar for Rocio Delgado rocio
174
15k
Breaking role norms: Why Content Design is so much more than writing copy - Taylor Woolridge
Avatar for UX Y'all uxyall
0
220
How People are Using Generative and Agentic AI to Supercharge Their Products, Projects, Services and Value Streams Today
Avatar for Helen Beal helenjbeal
1
140

Transcript

  1. ʮਪଌ͞Ε΍͍͢ʯύεϫʔυΛ ೖྗͤ͞ͳ͍ͨΊʹϑϩϯτΤϯ υΤϯδχΞ͕Ͱ͖Δ͜ͱ ϑϩϯτΤϯυ໊ݹ԰ vol. 11 2023/08/18

  2. ༗ݶձࣾΞοϓϧοϓϧ ϑϩϯτΤϯυΤϯδχΞ CMSΛ։ൃ͍ͯ͠ΔΤϯδχΞɻϑϩϯτΤ ϯυ͕޷͖ɻPHPͰόοΫΤϯυ։ൃ΋͠· ͢ɻFrontend Nagoya ͱ͍͏ษڧձΛओ࠵͠ ͯ·͢ɻϙέϞϯͱອը͕޷͖ɻ ӉҪ ཮ొ

    @uidev1116

  3. ࠓ೔ͷ໨త • ʮਪଌ͞Ε΍͍͢ʯύεϫʔυΛೖྗͤ͞ͳ͍ͨΊͷϚʔΫΞοϓΛ஌Δ • ʮਪଌ͞Ε΍͍͢ʯύεϫʔυΛೖྗͤ͞ͳ͍ͨΊͷUIΛ஌Δ • ʮਪଌ͞Ε΍͍͢ʯύεϫʔυΛೖྗͤ͞ͳ͍ͨΊͷػೳΛ஌Δ

  4. ύεϫʔυ؅ཧͷ՝୊ World Password Day Survey 2023 (Bitwarden) ΑΓ

  5. 52%

  6. 58%

  7. 🫠 ʮਪଌ͞Εʹ͍͘ʯύεϫʔυΛ ࢖ΘͤΔ࢓૊Έ͕ඞཁ

  8. ʮਪଌ͞Ε΍͍͢ʯύεϫʔυΛೖྗ ͤ͞ͳ͍ͨΊͷϚʔΫΞοϓΛ஌Δ

  9. ϒϥ΢β૊ΈࠐΈػೳͷϝϦοτΛڗडͰ͖Δ • ύεϫʔυϚωʔδϟʔ • ΞΫηγϏϦςΟ

  10. • <form>ɺ<label>ɺ<button> Λ࢖༻͢Δ • type=“password" ΍ type=“email” ͳͲద੾ͳ input λά

    ͷܕΛ࢖༻͢Δ • new-password ΍ current-password, username, email ͳͲద੾ͳ autocomplete ଐੑΛ׆༻͢Δ • aria-describedby ଐੑΛ࢖༻ͯ͠ɺύεϫʔυϙϦγʔΛઆ໌ ͢Δ

  11. ύεϫʔυϚωʔδϟʔ🔑

  12. <input type="password"> • ύεϫʔυΛ҆શʹೖྗ͢ΔͨΊͷܕ • 1 ͭ 1 ͭͷจࣈ͕ΞελϦεΫ ("*")

    ΍υοτ ("•") ͷΑ͏ͳه߸ʹΑͬ ͯӅ͞ΕΔ • ύεϫʔυϚωʔδϟʔ͕ݕ஌Մೳ

  13. autocomplete ଐੑ

  14. • αΠϯΠϯϑΥʔϜͳͲͷطଘͷ ύεϫʔυೖྗ • ύεϫʔυϚωʔδϟʔʹΑΔύ εϫʔυͷࣗಈೖྗ "current-password"

  15. "new-password" • αΠϯΞοϓϑΥʔϜ • ύεϫʔυมߋϑΥʔϜ • ύεϫʔυࣗಈੜ੒

  16. ύεϫʔυࣗಈೖྗͷ๷ࢭ • Basicೝূػೳ • ύεϫʔυมߋػೳ

  17. • ࠷ۙͷϒϥ΢βͰ͸ແࢹͯ͠ύε ϫʔυͷࣗಈೖྗΛ͢Δ(“current- password” ͱಉ͡ڍಈ) “off"

  18. ༨ஊͰ͕͢… • autocomplete=“username” ΛϢʔβʔIDɾϝʔϧΞυϨεͷ <input />ʹࢦఆ͢Δͱɺtype="text" ͷೖྗϑΟʔϧυ͕ෳ਺ଘ ࡏͨ͠৔߹ɺ༏ઌͯ͠ʮϢʔβʔ໊ʯͱͯࣗ͠ಈೖྗٴͼอଘͯ͘͠ ΕΔ •

    αΠϯΞοϓϑΥʔϜͷϢʔβʔ໊ʹར༻͢Δͱ👍

  19. ʮਪଌ͞Ε΍͍͢ʯύεϫʔυΛೖྗ ͤ͞ͳ͍ͨΊͷUIΛ஌Δ

  20. ֬ೝͷͨΊͷ࠶ೖྗ͸ඞཁͰ͔͢ 🤔

  21. https://www.zuko.io/blog/should-you-use-con fi rm-password-on-your-forms- and-websites-case-study ύεϫʔυ֬ೝ͸ίϯόʔδϣϯ཰ΛԼ͛Δ 21

  22. ίϐϖ͢Δ͚ͩͰ֬ೝͯ͠ͳ͍ 😮💨

  23. ύεϫʔυදࣔ੾Γସ͑ػೳ͕˕ • ύεϫʔυ͕Ӆ͞Ε͍ͯΔ৔߹ɺϢʔβʔ͸ύεϫʔυͷೖྗϛεΛ ͠΍͘͢ͳΔ • ೖྗϛε͕૿͑ΔͱϢʔβʔ͸ϩάΠϯ͢ΔҙཉΛࣦ͍ɺϏδωεత ʹ΋ଛࣦͱͳΔՄೳੑ͕͋Δ • ೖྗϛε͕૿͑ΔͱϢʔβʔ͸ೖྗϛεΛ͠ͳ͍ͨΊʹʮਪଌ͠΍͢ ͍ʯύεϫʔυΛ࢖༻͢ΔՄೳੑ͕͋Δ

  24. ༨ஊͰ͕͢… • ϞόΠϧΩʔϘʔυ͕αΠϯΠϯϘλϯΛ๦֐͠ͳ͍Α͏ʹ͢Δ͜ͱ ΋ݟམͱ͕͚ͪͩ͠Ͳେ੾👍

  25. ʮਪଌ͞Ε΍͍͢ʯύεϫʔυΛೖྗ ͤ͞ͳ͍ͨΊͷػೳΛ஌Δ

  26. ύεϫʔυڧ౓ϝʔλʔ📏

  27. zxcvbn • ΦϯϥΠϯετϨʔδαʔϏεΛఏڙ͍ͯ͠Δ Dropbox ͕։ൃɺ࣮ ࡍʹ࢖༻͞Ε͍ͯΔύεϫʔυڧ౓ਪఆͷͨΊͷϥΠϒϥϦ

  28. TypeScript ൛΋͋Γ·ͨ͠

  29. ಋೖ΋؆୯ʂ

  30. https://github.com/uidev1116/zxcvbn-ts-sample/ blob/master/src/main.ts 30 (JU)VCʹ͋͛ͯΈͨ✌

  31. ·ͱΊ

  32. ·ͱΊ ϒϥ΢βͷศརͳ૊ΈࠐΈػೳΛར༻͢Δͨ Ίɺద੾ͳHTMLλάΛར༻͠Α͏

  33. ·ͱΊ ֬ೝͷͨΊͷ࠶ೖྗ͕ඞཁ͔Ͳ͏͔ɺ࠶ݕ౼͠ ͯΈΑ͏ʂ

  34. ·ͱΊ zxcvbnΛ׆༻ͯ͠ύεϫʔυڧ౓νΣοΧʔ Λ࣮૷͠Α͏ʂ

  35. ͋Γ͕ͱ͏͍͟͝·ͨ͠ɻʂ @uidev1116