[Koha-bugs] [Bug 25934] RequireStrongPassword should be more complex (password policy complexity)

bugzilla-daemon at bugs.koha-community.org
Mon Jul 6 08:14:15 CEST 2020


https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25934

--- Comment #2 from David Cook <dcook at prosentient.com.au> ---
(In reply to Katrin Fischer from comment #1)
> There was discussion in the past about having some kind of plugin structure
> (bug 13664). 

I was thinking about that a little bit. I mean password managers let you set
length and character sets, so it does make sense for it to be a bit
configurable. 

The dictionaries/common passwords would need to be configurable too. 

I think storing old password hashes and not matching username/password should
just be baked in. 

> I think 1. might not be agreeable to some (unless you mean it
> would only enforce length in combination with another setting). There were
> libraries very much insisting on such short passwords.

That's unfortunate although that's a good point. Personally, I'd like strong
defaults, and then people who choose weaker policies would have to accept the
risk that brings.
