Feature #37279
Reject passwords that are the same as login, first name, or last name
| Status: | New | Start date: | |
|---|---|---|---|
| Priority: | Normal | Due date: | |
| Assignee: | - | % Done: | 0% |
| Category: | Accounts / authentication | | |
| Target version: | - | | |
| Resolution: | | | |
Description
Some lazy users may use their login IDs or their names as passwords. This can be a security threat.
Such passwords should always be rejected.
History
#2
Updated by Go MAEDA 7 months ago
- File 37279.patch added
The attached patch adds User#test_validate_password_complexity. It rejects passwords that are the same as the user's login, first name, last name, or email for now. I think it would be great if the method is extended to also reject passwords with dictionary words in the future.
#4
Updated by Go MAEDA 7 months ago
- File 37279.patch added
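The check described in note #2, as a standalone Ruby example added here; it is not the contents of 37279.patch and not Redmine's code. UserRecord, PasswordIdentityCheck and the sample user are hypothetical, and comparing after case folding, Unicode NFKC normalization and whitespace trimming is an assumption about how strict the match should be.

```ruby
# Added illustration, not the attached patch. All names here are hypothetical.
UserRecord = Struct.new(:login, :firstname, :lastname, :mail, keyword_init: true)

module PasswordIdentityCheck
  # Attributes named in the issue: login, first name, last name, email.
  FIELDS = %i[login firstname lastname mail].freeze

  # Assumption: "the same as" should ignore case, Unicode compatibility
  # forms (e.g. fullwidth letters) and surrounding whitespace.
  def self.normalize(value)
    value.to_s.unicode_normalize(:nfkc).downcase(:fold).strip
  end

  # Returns the attribute names that the candidate password equals.
  # Blank attributes never match, so a user without a first name does not
  # cause false positives; empty passwords are left to a length rule.
  def self.matching_fields(user, password)
    candidate = normalize(password)
    return [] if candidate.empty?

    FIELDS.select do |field|
      attribute = normalize(user[field])
      !attribute.empty? && attribute == candidate
    end
  end

  def self.acceptable?(user, password)
    matching_fields(user, password).empty?
  end
end

# Constructed sample user, not data from the issue.
SAMPLE_USER = UserRecord.new(
  login: "jsmith", firstname: "John", lastname: "Smith",
  mail: "jsmith@example.net"
)

if __FILE__ == $PROGRAM_NAME
  ["JSmith", " smith ", "jsmith@example.net", "correct horse battery"].each do |pw|
    hits = PasswordIdentityCheck.matching_fields(SAMPLE_USER, pw)
    puts "#{pw.inspect}: #{hits.empty? ? 'accepted' : "rejected, same as #{hits.join(', ')}"}"
  end
end
```

In a Rails model the same comparison would sit in a validation callback that adds an error on the password attribute for each matching field.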