Feature #37279: Reject passwords that are the same as login, first name, or last name - Redmine

Feature #37279

Reject passwords that are the same as login, first name, or last name

Added by Go MAEDA 7 months ago. Updated 7 months ago.

Status:

New

Start date:

Priority:

Normal

Due date:

Assignee:

% Done:

Category:

Accounts / authentication

Target version:

Resolution:

Description

Some lazy users may use their login IDs or their names as passwords. This can be a security threat.

Such passwords should always be rejected.

37279.patch (2.33 KB) Go MAEDA, 2022-07-09 09:14

History

#2 Updated by Go MAEDA 7 months ago

File 37279.patch added

The attached patch adds User#test_validate_password_complexity. It rejects passwords that are the same as the user's login, first name, last name, or email for now. I think it would be great if the method is extended to also reject passwords with dictionary words in the future.

#3 Updated by Go MAEDA 7 months ago

File deleted (~~37279.patch~~)

#4 Updated by Go MAEDA 7 months ago

File 37279.patch added

Also available in: Atom PDF

Redmine

Issues