[Bug 12617] Koha should let admins to configure automatically generated password complexity/difficulty
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=12617 --- Comment #17 from David Cook <dcook@prosentient.com.au> --- (In reply to Fridolin SOMERS from comment #16)
However Javascript doesn't seem to support POSIX Ah ok good point.
But why are öäåÄÖÅ not in : if ( password_policy == 'complex' ){ chars = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ|[]{}! @#$%^&*()_-+?';
In my opinion, for a heavy international software like Koha you may stick to [a-zA-Z] as the only alphabetic characters.
Or create lang-based policies complex-en, complex-fi ...
I think the default with password managers tend to be printable ASCII characters (ie: Upper-case, Lower-case, Digits, Special). That said, I have seen "High ANSI characters" as an option... But then I thought about Chinese password habits (https://medium.com/@ye.sunnia/an-analysis-of-chinese-passwords-e49b97b91919 or https://www.theverge.com/tldr/2019/3/5/18252150/bad-password-security-data-b...), which seem to fall into ASCII. I just spun up a Keycloak container (an Identity Provider created by Red Hat), and I'm trying to reset my password (as a user) to a Chinese password in Windows Chrome, but it seems to be preventing my software-based pinyin input from working. It seems to be forcing my hardware keyboard. (Like if I type in "wo", I see 2 masked characters appearing in the password field, rather than being able to select the 1 我 character.) That said, as a Keycloak admin, I was able to input a 我 character into the user's password field. I wasn't able to manually enter it as a user, but if I copied and pasted 我 into the password field as a user, it worked. Going back to the user view, I notice when I move from the username field to the password field, my software keyboard changes modes from Chinese mode to English mode. If manually change the mode... it doesn't seem to make a difference. Here's some reading on Keycloak password policies: https://www.keycloak.org/docs/latest/server_admin/#password-policy-types, which might be useful. -- You are receiving this mail because: You are watching all bug changes.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org