[Koha-bugs] [Bug 25934] New: RequireStrongPassword should be more complex (password policy complexity)
bugzilla-daemon at bugs.koha-community.org
Mon Jul 6 04:15:22 CEST 2020
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25934
Bug ID: 25934
Summary: RequireStrongPassword should be more complex (password
policy complexity)
Change sponsored?: ---
Product: Koha
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5 - low
Component: Authentication
Assignee: koha-bugs at lists.koha-community.org
Reporter: dcook at prosentient.com.au
QA Contact: testopia at bugs.koha-community.org
CC: dpavlin at rot13.org
At the moment, RequireStrongPassword uses a minimum password length (of only 3
characters or the syspref minPasswordLength) and a static regular expression.
Here are a number of improvements:
1. A minimum length of 10 characters that can't be lowered via
minPasswordLength
2. Should contain 3 of the following 4 sets (lowercase, uppercase, numbers,
special characters)
3. Not be the same as a previously set password
4. Should not include dictionary words or common passwords
(This could be challenging to do comprehensively on low spec systems, although
one variation of this could be to add a customizable list of passwords to
exclude.)
5. Should not be equal to the username
--
You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.
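The five rules proposed in the report, written as one check. This is an added example, not part of the bug report and not Koha's code (Koha is written in Perl). The function names, the PBKDF2 history format, the case-insensitive comparisons and the substring match against the exclusion list are assumptions.

```python
import hashlib
import hmac
import os

HARD_MIN_LENGTH = 10  # rule 1: a configured minimum may raise this floor, never lower it

def hash_password(password, salt=None):
    """Salted PBKDF2 hash; an assumed stand-in for the application's stored format."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def matches_previous(password, history):
    """True if password equals an earlier one, given stored (salt, digest) pairs."""
    return any(hmac.compare_digest(hash_password(password, salt)[1], digest)
               for salt, digest in history)

def check_password(password, username, configured_min=3, history=(), excluded=()):
    """Return the list of violated rules; an empty list means the password passes."""
    problems = []
    if len(password) < max(HARD_MIN_LENGTH, configured_min):
        problems.append("too_short")
    classes = [  # rule 2: at least 3 of these 4 sets must be present
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),  # assumption: "special" = non-alphanumeric
    ]
    if sum(classes) < 3:
        problems.append("too_few_character_classes")
    if matches_previous(password, history):  # rule 3: compare hashes, never plaintext
        problems.append("reused")
    lowered = password.casefold()
    if any(w and w.casefold() in lowered for w in excluded):  # rule 4: custom list
        problems.append("contains_excluded_word")
    if lowered == username.casefold():  # rule 5
        problems.append("equals_username")
    return problems

if __name__ == "__main__":
    # Constructed sample values, not taken from any real system.
    old = [hash_password("Summer2019!lib")]
    for pw in ("Tr0ub4dor&3x", "short1A", "Summer2019!lib", "MyKoha2020pass"):
        print(pw, check_password(pw, "jsmith", history=old, excluded=["koha"]))
```

The history check needs the stored salt for each earlier hash, so it costs one key derivation per remembered password.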