Concept #271

Password constraints?

Added by Alexander Blum over 4 years ago. Updated about 2 years ago.

Status: Done
Start date:
Priority: Low
Due date:
Assignee: Alexander Blum
% Done: 0%
Category: -
Estimated time: 0.50 h
Target version: Repertoire 1) Testing phase I

Description

Shall we enforce constraints on the passwords?

  • Minimum character number (e.g. 8)
  • Character set (e.g. capital, small, number, special character)

I assume this concept has been broken for ages.
The best measure against the most stupid passwords would be a blacklist.

So, I propose a blacklist and minimum character number.


Related issues

Related to collecting_society - Webfrontend #315: Set password policy (New)

History

#1 Updated by Meik Michalke over 4 years ago

  • Assignee changed from Meik Michalke to Alexander Blum

generally, i think that relying on passwords as the only means to protect access to online accounts is a thing of the past. we should keep U2F in mind to be added in the mid term (but not right now).

that said, demanding a minimal length (i'd vote for 10 instead of 8) in combination with a check similar to e.g. "john the ripper" should do it for the moment. guess that could be implemented using a blacklist, if that particular blacklist is defined reasonably and updated on a regular basis.
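One way to implement the policy discussed above (minimum length plus a blacklist that also catches simple variations of listed words), as an added example that is not part of the original thread or the project's code. The function names, the small blacklist and the normalization steps are assumptions for illustration; the normalization only approximates a cracker-style check and does not reproduce John the Ripper's rules.

```python
import re
import unicodedata

MIN_LENGTH = 10  # value voted for in comment #1; the description suggested 8

# Constructed sample blacklist. A real deployment would load a maintained,
# regularly updated list of common and leaked passwords.
BLACKLIST = frozenset({
    "password", "qwertyuiop", "letmein", "iloveyou",
    "administrator", "1234567890",
})

# Undo common character substitutions so "P@ssw0rd" is compared as "password".
LEET = str.maketrans({
    "0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
    "7": "t", "@": "a", "$": "s", "!": "i",
})


def candidates(password):
    """Yield normalized variants of the password to compare with the blacklist."""
    base = unicodedata.normalize("NFKC", password).casefold()
    # Drop leading/trailing digits and symbols ("password2024!" -> "password").
    stripped = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", base)
    for form in (base, stripped):
        yield form
        yield form.translate(LEET)


def check_password(password):
    """Return a list of policy violations; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too_short")
    if any(variant in BLACKLIST for variant in candidates(password)):
        problems.append("blacklisted")
    return problems


if __name__ == "__main__":
    for sample in ("P@ssw0rd2024!", "letmein", "correct horse battery"):
        print(repr(sample), check_password(sample) or "accepted")
```

Note that `P@ssw0rd2024!` would pass a classic character-set rule (capital, small, number, special character) yet is rejected here, which is the argument made in the description for preferring a blacklist.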

#2 Updated by Alexander Blum over 4 years ago

  • Status changed from Feedback to Done

Ok.

#3 Updated by Alexander Blum over 4 years ago

#4 Updated by Alexander Blum about 2 years ago

  • Target version changed from 1) Testing phase I to Repertoire 1) Testing phase I

#5 Updated by Alexander Blum about 2 years ago

  • Project changed from repertoire to collecting_society
