Increase password length minimum requirement
Bug #1541171 reported by
Kristina Hoeppner
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Mahara |
Invalid
|
High
|
Unassigned |
Bug Description
You can set a password that is only 3 characters long on your account settings page. When you set up your first password though you are already asked for a longer one.
We agreed in the 50th developer meeting http://
Minimum length: 6 characters
Maximum length: 255 characters
Changed in mahara: | |
milestone: | 16.04.0 → none |
To post a comment you must log in.
Hi Kristina,
I wasn't able to replicate this issue. When I tried to create a three-letter password, either on my own account settings page, or in the "Administration -> Users -> Add user" page, I got an error message telling me my password must be at least six characters long.
And looking at the "is_password_ valid() " method in htdocs/ auth/internal. php, I see that the current limitation on passwords seems to be this regular expression:
/^[a-zA-Z0-9 ~!@#\$% \^&\*\( \)_\-=\ +\,\.<> \/\?;:" \[\]\{\ }\\|`\' ]{6,}$/
In other words at least 6 characters, with the allowed list of characters being basically everything on a QWERTY keyboard. And there doesn't seem to be any upper limit. (I set my password to something that was 168 characters long, with no problem.)
Can you clarify if there's a screen I'm missing or something?
Cheers,
Aaron