** Tags added: behat has-behat

https://bugs.launchpad.net/bugs/844457

Title:
  suckypasswords check is very limited, could be expanded

Status in Mahara ePortfolio:
  Fix Released

Bug description:
  When validating passwords, there is a check against an array of
  really bad passwords:

  https://gitorious.org/mahara/mahara/blobs/f7d9a23f0744f719fc7f75bd5d740eef6ae4d055/htdocs/auth/lib.php#line1606

  Currently the collection of bad passwords is really small. It could
  be expanded. Some resources are:

  http://www.dragonresearchgroup.org/insight/sshpwauth-cloud.html
  http://img.sjbn.co/files/500-most-used-passwords-show-as-a-tag-cloud.gif
  http://www.skullsecurity.org/wiki/index.php/Passwords

  There should be more than one level of filtering bad passwords. Some,
  such as the current suckypasswords collection, should be forced.
  There should also be an optional blacklist based on the resources
  above.
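
The two-level filtering proposed in the bug description, sketched as an added example; this is not Mahara's code and not part of the original report. The function names, the `$enforceoptional` setting and every list entry are hypothetical or constructed for illustration.

```php
<?php
// Added illustration, not Mahara's code. All names and list entries are constructed.

// Tier 1: always enforced, small built-in list (sample entries, not Mahara's real list).
const FORCED_BAD_PASSWORDS = ['password', '123456', 'abc123', 'mahara'];

/** Normalise so that "Password " and "password" compare equal. */
function normalise_password(string $password): string {
    return strtolower(trim($password));
}

/**
 * Parse the optional blacklist: one password per line, '#' starts a comment.
 * Returns a set (password => true) so lookups stay cheap on large lists.
 */
function load_optional_blacklist(string $text): array {
    $set = [];
    foreach (preg_split('/\R/', $text) as $line) {
        $line = normalise_password($line);
        if ($line !== '' && $line[0] !== '#') {
            $set[$line] = true;
        }
    }
    return $set;
}

/**
 * Returns 'forced', 'optional', or null when the password passes both tiers.
 * $enforceoptional stands in for a site setting that switches tier 2 on.
 */
function check_password_blacklists(string $password, array $optional, bool $enforceoptional): ?string {
    $candidate = normalise_password($password);
    if (in_array($candidate, FORCED_BAD_PASSWORDS, true)) {
        return 'forced';    // tier 1 cannot be disabled
    }
    if ($enforceoptional && isset($optional[$candidate])) {
        return 'optional';  // tier 2 applies only when the site enables it
    }
    return null;
}

// Constructed sample of an optional list, as an administrator might supply it.
$optional = load_optional_blacklist("# constructed sample\nletmein\nqwerty\nDragon\n");
foreach (['Password', 'dragon', 'correct horse battery staple'] as $pw) {
    foreach ([false, true] as $enabled) {
        $tier = check_password_blacklists($pw, $optional, $enabled) ?? 'accepted';
        printf("%-30s optional=%-3s => %s\n", $pw, $enabled ? 'on' : 'off', $tier);
    }
}
```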

