Password policy
Bug #845263 reported by
François Marier
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Mahara |
Fix Released
|
Wishlist
|
Gregor Anželj |
Bug Description
For internal policy reasons, some people might need Mahara to enforce a password policy.
If we implement this feature, we should make sure that:
- it's optional
- it's disabled by default
- we include a warning saying that it could result in less secure passwords (ideally linking to research paper demonstrating this)
Changed in mahara: | |
status: | New → Triaged |
importance: | Undecided → Wishlist |
summary: |
- Optional Password policy + Optional password policy |
tags: |
added: passwords removed: password |
Changed in mahara: | |
status: | In Progress → Fix Committed |
milestone: | none → 18.04.0 |
tags: |
added: nominatedfeature removed: passwords |
Changed in mahara: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
Improve the password policy enforcement and configuration in Mahara. Have a pre-defined password policy of a minimum of 8 characters with type "alphanumeric mixed case + symbols". Also allow admins to set the password policy in Site Options > Security Settings. In all locations where password is set the password input should also include a password strength indicator.