Feature #4221

Enforcing Strong Password for Users

Added by jim joseph about 8 years ago. Updated almost 2 years ago.

Status:NewStart date:2009-11-16
Priority:HighDue date:
Assignee:-% Done:

0%

Category:Accounts / authentication
Target version:-
Resolution:

Description

I would like to enforce strong password for users in redmine. As if now redmine will accept any four letter password. Is there a way that applicaton checks how strong a password is when a new user register in it.

Can we implement any password generator with redmine?


Related issues

Related to Redmine - Feature #3872: New user password - better functionality Closed 2009-09-15
Duplicated by Redmine - Feature #25054: Enforcing Strong Password in Redmine Closed

History

#1 Updated by Jean-Philippe Lang about 8 years ago

As of r2678, you can specify the minimum password length in settings.
But a minimum password strength setting could be also added (eg. Fair, Strong, Very strong) using kind of password strengh meter.

#2 Updated by Jean-Philippe Lang about 8 years ago

  • Category set to Accounts / authentication

#3 Updated by Henrik Ammer about 8 years ago

Jean-Philippe Lang wrote:

But a minimum password strength setting could be also added (eg. Fair, Strong, Very strong) using kind of password strengh meter.

I would love to see this!

#4 Updated by Samuel Suther over 4 years ago

*1

#5 Updated by @ go2null over 4 years ago

Can we implement any password generator with redmine?

  • Implemented in v2.4.0 - Feature #3872 New user password - better functionality

#6 Updated by Toshi MARUYAMA over 4 years ago

  • Related to Feature #3872: New user password - better functionality added

#7 Updated by Simon O almost 4 years ago

1
The new feature implemented in 2.4.0
+ referring to Feature #3872 includes a secured password generator.
However, if users may change their password at first login, they may pick "aaaaaaaa" which is far away from being secure. Thus, I also recommend to add a kind of password security check as suggested by jim joseph.
Please reopen ticket.
Thanks a lot!

#8 Updated by Aleksandar Pavic visit redminecookbook.com almost 2 years ago

+1

There are some recent efforts as I can see.

https://github.com/simonswine/redmine_password_tool
https://github.com/go2null/redmine_account_policy

But this should be a core system feature, it is a must for enterprise use.

#9 Updated by Toshi MARUYAMA 10 months ago

  • Duplicated by Feature #25054: Enforcing Strong Password in Redmine added

Also available in: Atom PDF