Concept #271
Password constraints?
| Status: | Done | Start date: | |
|---|---|---|---|
| Priority: | Low | Due date: | |
| Assignee: | Alexander Blum | % Done: | 0% |
| Category: | - | Estimated time: | 0.50 h |
| Target version: | Repertoire 1) Testing phase I | | |
Description
Shall we enforce constraints on the passwords?
- Minimum character number (e.g. 8)
- Character set (e.g. capital, small, number, special character)
I assume this concept to have been broken for ages.
The best measure against the most stupid password would be a blacklist.
So, I propose a blacklist and minimum character number.
Related issues
History
#1 Updated by Meik Michalke almost 7 years ago
- Assignee changed from Meik Michalke to Alexander Blum
generally, i think that relying on passwords as the only means to protect access to online accounts is a thing of the past. we should keep U2F in mind to be added in the mid term (but not right now).
that said, demanding a minimal length (i'd vote for 10 instead of 8) in combination with a check similar to e.g. "john the ripper" should do it for the moment. guess that could be implemented using a blacklist, if that particular blacklist is defined reasonably and updated on a regular basis.
#3 Updated by Alexander Blum almost 7 years ago
- Related to Webfrontend #315: Set password policy added
#4 Updated by Alexander Blum over 4 years ago
- Target version changed from 1) Testing phase I to Repertoire 1) Testing phase I
#5 Updated by Alexander Blum over 4 years ago
- Project changed from repertoire to collecting_society
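
The policy discussed in this ticket (a minimum length plus a blacklist check that also catches simple mangled variants), sketched as an added example; this is not code from the project. The function names, the sample blacklist and the substitution table are assumptions made for illustration.

```python
import unicodedata

MIN_LENGTH = 10  # the length voted for in comment #1 (the description suggested 8)

# Constructed sample blacklist; a real deployment would load a maintained list.
BLACKLIST = frozenset(
    {"password", "qwertyuiop", "letmein", "iloveyou", "administrator"}
)

# Common character substitutions undone before the lookup (assumed mapping).
LEET = str.maketrans(
    {"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
     "7": "t", "@": "a", "$": "s", "!": "i"}
)

# Characters often added before or after a dictionary word as padding.
PADDING = "0123456789!?.-_#*+ "


def candidates(password):
    """Yield simplified forms of the password, similar to what wordlist
    mangling rules would cover: case folded, padding removed,
    substitutions undone, and each of those reversed."""
    base = unicodedata.normalize("NFKC", password).casefold()
    stripped = base.strip(PADDING)
    for form in (base, stripped):
        for variant in (form, form.translate(LEET)):
            yield variant
            yield variant[::-1]


def check_password(password, blacklist=BLACKLIST, min_length=MIN_LENGTH):
    """Return a list of policy violations; an empty list means accepted."""
    problems = []
    if len(password) < min_length:
        problems.append("too_short")
    # Skip empty candidates (e.g. a password made only of padding characters).
    if any(c in blacklist for c in candidates(password) if c):
        problems.append("blacklisted")
    return problems
```

Note that a character-set rule alone would accept `P@ssw0rd2024!`, while this check rejects it because it reduces to a blacklisted word.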