Password policy

Bug #845263 reported by François Marier on 2011-09-09
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Mahara
Wishlist
Gregor Anželj

Bug Description

For internal policy reasons, some people might need Mahara to enforce a password policy.

If we implement this feature, we should make sure that:

- it's optional
- it's disabled by default
- we include a warning saying that it could result in less secure passwords (ideally linking to research paper demonstrating this)

Changed in mahara:
status: New → Triaged
importance: Undecided → Wishlist
summary: - Optional Password policy
+ Optional password policy
tags: added: passwords
removed: password
Gregor Anželj (gregor-anzelj) wrote :

Improve the password policy enforcement and configuration in Mahara. Have a pre-defined password policy of a minimum of 8 characters with type "alphanumeric mixed case + symbols". Also allow admins to set the password policy in Site Options > Security Settings. In all locations where password is set the password input should also include a password strength indicator.

Changed in mahara:
assignee: nobody → Gregor Anželj (gregor-anzelj)
assignee: Gregor Anželj (gregor-anzelj) → nobody
assignee: nobody → Gregor Anželj (gregor-anzelj)
Changed in mahara:
status: Triaged → In Progress

Reviewed: https://reviews.mahara.org/8450
Committed: https://git.mahara.org/mahara/mahara/commit/9c26c145f05529d95d01867f85ebfb5af0668d25
Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit 9c26c145f05529d95d01867f85ebfb5af0668d25
Author: Gregor Anzelj <email address hidden>
Date: Wed Jan 17 21:02:50 2018 +0100

Bug 845263: Password policy

Improve the password policy enforcement and configuration in Mahara.
Have a pre-defined password policy of a minimum of 8 characters with
type "alphanumeric mixed case + symbols".

Also allow site administrators to set the desired password policy in
Site Options > Security Settings. In all locations where password
is set, the password input should also include a password strength
indicator.

Change-Id: I020af58a6cf1635fe295f5434783ce5b6f6daacb

Robert Lyon (robertl-9) on 2018-03-06
Changed in mahara:
status: In Progress → Fix Committed
milestone: none → 18.04.0
tags: added: nominatedfeature
removed: passwords

We decided to not make it optional.

summary: - Optional password policy
+ Password policy
Robert Lyon (robertl-9) on 2018-04-05
Changed in mahara:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers