Feature #12182
closed
improvement password security for internal authentication
0%
Description
Currently only the rule Minimum password length is adjustable for internal authentication.
It would e very helpful to add further adjustable rules to allow only passwords with a high security.
(Currently we use LDAP authentication for our employees and internal authentication for external partners as a well working differentiation.)
Related issues
Updated by Etienne Massip over 11 years ago
- Category set to Accounts / authentication
Updated by Jean-Philippe Lang over 11 years ago
further adjustable rules
Yes, could you list a few examples of the rules you expect?
Updated by Anonymous over 11 years ago
- don't accept the name or parts of the name (switch)
- don't accept sequenced numbers, letters or signs... (switch)
- the password has to contain:
small letters (switch)
capitel letters (switch)
numbers (switch)
signs (switch)
- maximum usability period (possible a information mail to the user regarding a due date is necessary) (adjustable value)
- number of iterations to accept a recured password (adjustable value)
(responsible for completeness - maybe someone has better suggestions)
Updated by Daniel Felix over 11 years ago
Maybe some kind of "Password has to be different to the last x passwords". Something like in the Windows-Authentication, where users can't change their password to some password used 12 changes before.
This could prevent some lazy people to change their outdated password "test" to "test1" and back again to "test".
Updated by Anonymous almost 11 years ago
If possible to implement a tool like https://www.microsoft.com/en-gb/security/pc-security/password-checker.aspx... ;-) and a configuration field to set the necessary level of the password.
Updated by
Updated by Mischa The Evil about 9 years ago
- Is duplicate of Feature #3155: Password policy and secure logon procedure added
Updated by Mischa The Evil about 9 years ago
- Status changed from New to Closed
- Resolution set to Duplicate