Feature #12182

improvement password security for internal authentication

Added by Anonymous over 8 years ago. Updated about 6 years ago.

Status: Closed
Start date:
Priority: Normal
Due date:
Assignee: -
% Done: 0%
Category: Accounts / authentication
Target version: -
Resolution: Duplicate

Description

Currently only the rule Minimum password length is adjustable for internal authentication.
It would be very helpful to add further adjustable rules to allow only passwords with a high security.

(Currently we use LDAP authentication for our employees and internal authentication for external partners as a well working differentiation.)


Related issues

Duplicates Redmine - Feature #3155: Password policy and secure logon procedure New 2009-04-10

History

#1 Updated by Etienne Massip over 8 years ago

  • Category set to Accounts / authentication

#2 Updated by Jean-Philippe Lang about 8 years ago

further adjustable rules

Yes, could you list a few examples of the rules you expect?

#3 Updated by Anonymous about 8 years ago

some suggestions for switchable / adjustable rules (additional to the length):
  • don't accept the name or parts of the name (switch)
  • don't accept sequenced numbers, letters or signs... (switch)
  • the password has to contain:
      • small letters (switch)
      • capital letters (switch)
      • numbers (switch)
      • signs (switch)
  • maximum usability period (possibly an information mail to the user regarding a due date is necessary) (adjustable value)
  • number of iterations to accept a recurred password (adjustable value)

(responsible for completeness - maybe someone has better suggestions)

#4 Updated by Daniel Felix about 8 years ago

Maybe some kind of "Password has to be different to the last x passwords". Something like in the Windows-Authentication, where users can't change their password to some password used 12 changes before.
This could prevent some lazy people from changing their outdated password "test" to "test1" and back again to "test".
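
The rules suggested in comments #3 and #4, sketched as a standalone Ruby check; this is an added example, not part of the thread and not Redmine code. The `Policy` fields, the rule names, the three-character thresholds and the PBKDF2 parameters are assumptions chosen for illustration.

```ruby
require 'openssl'
require 'securerandom'

# Hypothetical policy object; every field name is illustrative, not a Redmine setting.
Policy = Struct.new(:min_length, :require_lower, :require_upper, :require_digit,
                    :require_symbol, :reject_name_parts, :reject_sequences,
                    :history_depth, keyword_init: true)

CLASSES = { require_lower: /[a-z]/, require_upper: /[A-Z]/,
            require_digit: /\d/, require_symbol: /[^A-Za-z0-9]/ }.freeze

# Old passwords are kept only as salted PBKDF2 digests, never in clear text.
def history_entry(password, salt = SecureRandom.bytes(16))
  digest = OpenSSL::PKCS5.pbkdf2_hmac(password, salt, 100_000, 32,
                                      OpenSSL::Digest.new('SHA256'))
  { salt: salt, digest: digest }
end

# True when three or more characters ascend or descend by one ("abc", "321").
def sequence?(password)
  password.downcase.codepoints.each_cons(3).any? do |a, b, c|
    (b - a == 1 && c - b == 1) || (a - b == 1 && b - c == 1)
  end
end

# Returns the list of violated rules; an empty list means the password is accepted.
def violations(password, policy, names: [], history: [])
  errors = []
  errors << :too_short if password.length < policy.min_length
  CLASSES.each { |rule, re| errors << rule if policy[rule] && password !~ re }
  if policy.reject_name_parts
    # Name parts shorter than three characters are ignored to avoid false hits.
    parts = names.flat_map { |n| n.downcase.split(/[^a-z0-9]+/) }
                 .select { |part| part.length >= 3 }
    errors << :contains_name if parts.any? { |part| password.downcase.include?(part) }
  end
  errors << :sequence if policy.reject_sequences && sequence?(password)
  # Re-hash the candidate with each stored salt to compare against the last N entries.
  recent = history.last(policy.history_depth.to_i)
  errors << :reused if recent.any? { |h| history_entry(password, h[:salt])[:digest] == h[:digest] }
  errors
end
```

Because each history entry has its own salt, the candidate is hashed once per remembered password, so the cost of a password change grows with `history_depth`.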

#5 Updated by Anonymous almost 8 years ago

If possible to implement a tool like https://www.microsoft.com/en-gb/security/pc-security/password-checker.aspx... ;-) and a configuration field to set the necessary level of the password.

#6 Updated by @ go2null about 6 years ago

duplicate of #3155

#7 Updated by Mischa The Evil about 6 years ago

  • Duplicates Feature #3155: Password policy and secure logon procedure added

#8 Updated by Mischa The Evil about 6 years ago

  • Status changed from New to Closed
  • Resolution set to Duplicate

@ go2null wrote:

duplicate of #3155

Indeed. Closing as such. Thanks for the ref.
