Feature #37279
Reject passwords that are the same as login, first name, last name, or email
Status:
Closed
% Done:
0%
Resolution:
Fixed
Description
Some lazy users may use their login IDs or their names as passwords. This can be a security threat.
Such passwords should always be rejected.
Updated by Go MAEDA about 2 years ago
- File 37279.patch added
The attached patch adds User#test_validate_password_complexity. It rejects passwords that are the same as the user's login, first name, last name, or email for now. I think it would be great if the method is extended to also reject passwords with dictionary words in the future.
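The check described in this issue, sketched in plain Ruby as an added example; it is not the attached patch or Redmine's code. The attribute keys, the helper names and the sample user are assumptions, and the comparison is deliberately stricter than exact equality (case folding, NFKC normalization, trimmed whitespace), which is also an assumption.

```ruby
# Added illustration only; not Redmine's implementation.
# Field keys below are assumed names for login, first name, last name and email.
PERSONAL_FIELDS = %i[login firstname lastname mail].freeze

# Normalize a value before comparing, so that "JSmith", " jsmith " and
# full-width variants all compare equal to "jsmith".
def normalize_for_compare(value)
  value.to_s.unicode_normalize(:nfkc).strip.downcase(:fold)
end

# Returns the personal fields whose value equals the candidate password.
# Blank attributes are skipped so that an unset first name never "matches".
def password_matches_identity(password, user)
  candidate = normalize_for_compare(password)
  return [] if candidate.empty?

  PERSONAL_FIELDS.select do |field|
    value = normalize_for_compare(user[field])
    !value.empty? && value == candidate
  end
end

# True when the password is not the same as any personal field.
def password_acceptable?(password, user)
  password_matches_identity(password, user).empty?
end

# Constructed sample user, not taken from the issue.
SAMPLE_USER = {
  login: "jsmith",
  firstname: "John",
  lastname: "Smith",
  mail: "jsmith@example.net"
}.freeze

if __FILE__ == $PROGRAM_NAME
  ["JSmith", "smith", " jsmith@example.net ", "correct horse battery staple"].each do |pw|
    hits = password_matches_identity(pw, SAMPLE_USER)
    verdict = hits.empty? ? "accepted" : "rejected (same as #{hits.join(', ')})"
    puts "#{pw.inspect}: #{verdict}"
  end
end
```

Returning the matching field names rather than a boolean lets the caller build a specific validation error message.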
Updated by Go MAEDA about 1 month ago
- Status changed from New to Resolved
- Assignee set to Go MAEDA
- Resolution set to Fixed
Committed the patch in r22888.
Updated by Go MAEDA about 1 month ago
- Status changed from Resolved to Closed
Updated locales in r22893.