https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25934
Bug ID: 25934
Summary: RequireStrongPassword should be more complex (password policy complexity)
Change sponsored?: ---
Product: Koha
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5 - low
Component: Authentication
Assignee: koha-bugs@lists.koha-community.org
Reporter: dc...@prosentient.com.au
QA Contact: testo...@bugs.koha-community.org
CC: dpav...@rot13.org

At the moment, RequireStrongPassword uses a minimum password length (of only 3 characters or the syspref minPasswordLength) and a static regular expression.

Here are a number of improvements:

1. A minimum length of 10 characters that can't be lowered via minPasswordLength
2. Should contain 3 of the following 4 sets (lowercase, uppercase, numbers, special characters)
3. Not be the same as a previously set password
4. Should not include dictionary words or common passwords (This could be challenging to do comprehensively on low spec systems, although one variation of this could be to add a customizable list of passwords to exclude.)
5. Should not be equal to the username
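
The five proposed rules as one validation routine, an added example that is not Koha's code or part of the original report. The function names, rule labels, PBKDF2 hashing for the password history, and case-insensitive matching are assumptions made for illustration.

```python
import hashlib
import hmac

MIN_LENGTH_FLOOR = 10  # item 1: a configured minimum may raise this, never lower it


def hash_password(password, salt, rounds=100_000):
    """PBKDF2 stand-in (assumption) for the hash the application really stores."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)


def check_password(password, username, history=(), denylist=(), min_length=0):
    """Return the list of violated rules; an empty list means accepted.

    history  -- (salt, digest) pairs kept for previously set passwords
    denylist -- site-maintained words and common passwords to exclude
    """
    problems = []

    # 1. Length floor that the configured minimum cannot undercut.
    if len(password) < max(MIN_LENGTH_FLOOR, min_length):
        problems.append("too_short")

    # 2. At least 3 of the 4 sets; "special" here means any non-alphanumeric.
    classes = (
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    )
    if sum(classes) < 3:
        problems.append("too_few_character_classes")

    # 3. Reuse: re-hash the candidate under each stored salt, compare in constant time.
    if any(hmac.compare_digest(hash_password(password, salt), digest)
           for salt, digest in history):
        problems.append("reused")

    # 4. Customizable exclusion list, matched as a case-insensitive substring.
    folded = password.casefold()
    if any(word.casefold() in folded for word in denylist if word):
        problems.append("denylisted")

    # 5. Not equal to the username (case-insensitive comparison is an assumption).
    if folded == username.casefold():
        problems.append("same_as_username")

    return problems
```

Returning every violated rule at once, rather than stopping at the first, lets the password-change form tell the user everything that needs fixing in a single pass.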