improvement password security for internal authentication
Category: Accounts / authentication
Currently only the rule Minimum password length is adjustable for internal authentication.
It would be very helpful to add further adjustable rules to allow only passwords with a high security.
(Currently we use LDAP authentication for our employees and internal authentication for external partners as a well working differentiation.)
#3 Updated by Anonymous about 8 years ago
- don't accept the name or parts of the name (switch)
- don't accept sequenced numbers, letters or signs... (switch)
- the password has to contain:
  - small letters (switch)
  - capital letters (switch)
- maximum usability period (possibly an information mail to the user regarding a due date is necessary) (adjustable value)
- number of iterations to accept a recurred password (adjustable value)
(responsible for completeness - maybe someone has better suggestions)
#4 Updated by Daniel Felix about 8 years ago
Maybe some kind of "Password has to be different to the last x passwords". Something like in the Windows-Authentication, where users can't change their password to some password used 12 changes before.
This could prevent some lazy people from changing their outdated password "test" to "test1" and back again to "test".
#5 Updated by Anonymous almost 8 years ago
If possible to implement a tool like https://www.microsoft.com/en-gb/security/pc-security/password-checker.aspx... ;-) and a configuration field to set the necessary level of the password.
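
The name, sequence, character-class and password-history rules requested in this thread can be sketched as one checker. This is an added example, not part of the original comments and not Redmine's code; the class `PasswordPolicy`, its option names, the rule symbols and the sample passwords are all assumptions made for illustration.

```ruby
require 'openssl'
require 'securerandom'

# Hypothetical checker for the rules proposed in this thread.
# Class, option and symbol names are assumptions, not Redmine's API.
class PasswordPolicy
  ITERATIONS = 100_000 # constructed work factor for the history digests

  def initialize(**opts)
    @o = { min_length: 8, lower: true, upper: true, reject_name: true,
           reject_sequences: true, history_size: 12 }.merge(opts)
  end

  # Salted PBKDF2 record; the history stores these, never plaintext.
  def self.digest(password, salt = SecureRandom.bytes(16))
    hash = OpenSSL::PKCS5.pbkdf2_hmac(password, salt, ITERATIONS, 32,
                                      OpenSSL::Digest.new('SHA256'))
    { salt: salt, hash: hash }
  end

  # Returns the violated rules as symbols; an empty list means accepted.
  def violations(password, name_parts: [], history: [])
    lowered = password.downcase
    found = []
    found << :too_short if password.length < @o[:min_length]
    found << :no_lowercase if @o[:lower] && password !~ /[a-z]/
    found << :no_uppercase if @o[:upper] && password !~ /[A-Z]/
    found << :contains_name if @o[:reject_name] &&
      name_parts.any? { |part| part.length >= 3 && lowered.include?(part.downcase) }
    found << :sequence if @o[:reject_sequences] && sequence?(lowered)
    found << :reused if history.last(@o[:history_size]).any? { |rec| same?(password, rec) }
    found
  end

  private

  # True for runs of three characters stepping by +1 or -1 ("abc", "987").
  def sequence?(text)
    text.codepoints.each_cons(3).any? do |a, b, c|
      (b - a == 1 && c - b == 1) || (b - a == -1 && c - b == -1)
    end
  end

  # Recompute with the stored salt and compare without an early exit.
  def same?(password, rec)
    candidate = self.class.digest(password, rec[:salt])[:hash]
    candidate.bytes.zip(rec[:hash].bytes).sum { |x, y| x ^ y }.zero?
  end
end
```

Because every history record has its own salt, the reuse check has to recompute the digest once per stored entry, so the cost of a password change grows with `history_size`.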