Increase password length minimum requirement

Bug #1541171 reported by Kristina Hoeppner on 2016-02-03
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Mahara
High
Unassigned

Bug Description

You can set a password that is only 3 characters long on your account settings page. When you set up your first password though you are already asked for a longer one.

We agreed in the 50th developer meeting http://meetbot.mahara.org/mahara-dev/2016/mahara-dev.2016-02-02-07.34.log.html#l-243 to increase the minimum length and also increase the maximum length.

Minimum length: 6 characters
Maximum length: 255 characters

Aaron Wells (u-aaronw) wrote :

Hi Kristina,

I wasn't able to replicate this issue. When I tried to create a three-letter password, either on my own account settings page, or in the "Administration -> Users -> Add user" page, I got an error message telling me my password must be at least six characters long.

And looking at the "is_password_valid()" method in htdocs/auth/internal.php, I see that the current limitation on passwords seems to be this regular expression:

/^[a-zA-Z0-9 ~!@#\$%\^&\*\(\)_\-=\+\,\.<>\/\?;:"\[\]\{\}\\|`\']{6,}$/

In other words at least 6 characters, with the allowed list of characters being basically everything on a QWERTY keyboard. And there doesn't seem to be any upper limit. (I set my password to something that was 168 characters long, with no problem.)

Can you clarify if there's a screen I'm missing or something?

Cheers,
Aaron

Changed in mahara:
status: Confirmed → Incomplete

Oh dear. I looked at the username and nobody corrected me.

Changed in mahara:
status: Incomplete → Invalid
Robert Lyon (robertl-9) on 2016-03-31
Changed in mahara:
milestone: 16.04.0 → none
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers