Increase password complexity
Bug #1613265 reported by
Paul Everitt
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
KARL4 |
Fix Released
|
Medium
|
Carlos de la Guardia |
Bug Description
"accept special characters and long passwords (up to 20 char)"
While we need to get the exact policy from OSF, we can at least describe the improved facility.
I propose to change the password enforcement to be driven by a regex in the conf file. I'm hoping that regular expressions can encode the information needed:
- Min/max length
- Min/max upper/lowercase
- Min/max numbers or symbols
For the implementation, I believe this only affects the change password view. (Does password reset use this same view?)
This task has no other corollary actions, e.g. a one-time forcing of everyone to change their password or to log back in.
tags: |
added: auth removed: gsasync |
Changed in karl4: | |
milestone: | 022 → 023 |
Changed in karl4: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
Let's make sure that none of this data about changing passwords winds up triggering re-indexing of the profile nor a Feed Event.