Please treat symbols as part of the complexity check in SSO
Bug #1055741 reported by Joey Stanford
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Canonical SSO provider | New | Undecided | Unassigned |
Bug Description
Hi,
In SSO today we require a minimum of 8 characters, at least 1 number, and one lower & upper letter.
For complexity checking in SSO we should also add "one symbol (such as #, $, @, or *)" as per IT security best practice.
Thanks.
On Tue, Sep 25, 2012 at 7:53 AM, Joey Stanford <email address hidden> wrote:
> Public bug reported:
>
> Hi,
>
> In SSO today we require a minimum of 8 characters, at least 1 number,
> and one lower & upper letter.
>
> For complexity checking in SSO we should also add "one symbol (such as
> #, $, @, or *)" as per IT security best practice.
There was a long thread on password security on the internal -tech
list, we have a balance to strike between ease of use and security;
passphrases offer the potential for stronger, more memorable inputs.
OTOH http://arstechnica.com/business/2012/03/passphrases-only-marginally-more-secure-than-passwords-because-of-poor-choices/
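
The rule described in the report, with the requested symbol requirement as a switch, as an added example that is not part of the bug thread and is not Canonical SSO's code. The function names, the Unicode-category definition of "symbol", and the sample passwords are assumptions made for illustration.

```python
import unicodedata

MIN_LENGTH = 8  # minimum length stated in the bug description


def char_classes(password):
    """Return the character classes present in the password."""
    classes = set()
    for ch in password:
        cat = unicodedata.category(ch)
        if cat == "Lu":
            classes.add("upper")
        elif cat == "Ll":
            classes.add("lower")
        elif cat == "Nd":
            classes.add("digit")
        elif cat[0] in "PS":
            # Assumption: "symbol" means any Unicode punctuation or symbol
            # character, which covers #, $, @ and * from the report.
            # Spaces (category Zs) are deliberately not counted.
            classes.add("symbol")
    return classes


def unmet_requirements(password, require_symbol=False):
    """List the requirements the password fails, in a stable order.

    require_symbol=False models the rule as it stands in the report;
    require_symbol=True models the requested change.
    """
    required = ["upper", "lower", "digit"]
    if require_symbol:
        required.append("symbol")
    present = char_classes(password)
    unmet = [name for name in required if name not in present]
    if len(password) < MIN_LENGTH:
        unmet.insert(0, "length")
    return unmet


if __name__ == "__main__":
    # Constructed sample inputs, including a multi-word passphrase.
    for sample in ["Password1", "Password1!", "correct horse battery staple"]:
        print(repr(sample),
              "current:", unmet_requirements(sample),
              "proposed:", unmet_requirements(sample, require_symbol=True))
```

Under these assumptions the constructed passphrase is rejected by both forms of the rule despite its length, while `Password1!` satisfies both.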