Feature #37279
Reject passwords that are the same as login, first name, or last name
| Status: | New | Start date: | ||
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assignee: | - | % Done: | 0% | |
| Category: | Accounts / authentication | |||
| Target version: | - | |||
| Resolution: |
Description
Some lazy users may use their login IDs or their names as passwords. This can be a security threat.
Such passwords should always be rejected.
37279.patch 
(2.33 KB)
History
#2
Updated by Go MAEDA about 1 month ago
- File 37279.patch added
The attached patch adds User#test_validate_password_complexity. It rejects passwords that are the same as the user's login, first name, last name, or email for now. I think it would be great if the method is extended to also reject passwords with dictionary words in the future.
#3
Updated by Go MAEDA about 1 month ago
- File deleted (
37279.patch)
#4
Updated by Go MAEDA about 1 month ago
- File 37279.patch added