Details
- New Feature
- Resolution: Fixed
- Major
- 6.2
- None
Description
Why
- We need to review our way of checking the password, so it may be the right time to add a new functionality.
- Other intranet applications come with stronger passwords than a 6-letter minimum, since passwords are generated by the tool directly, including special chars, caps, ...
- XWiki is prone to say that it's a secure tool, and users love to see security options to be aware of it.
Objective
- Give the admin the possibility to pick the security level for passwords by using a specific list of prepared cases which does not involve any regex writing or script modification, but only checkboxes.
Proposal
- Add a menu in administration labelled "Password validation"
- The page will display checkboxes in front of different checks which can be done with regex.
  - Password must be at least "LIST" characters long => Is checked by default with "6" picked
    - options: 6, 8, 10, 12
  - Password needs a minimum of one capital character
  - Password needs a minimum of one numeric character
  - Password needs a minimum of one special character (non-alphanumeric character)
If the admin changes this after a user has been created, we won't bother the user, but if at some point he wants to change his password he will be forced to fulfil the new conditions.
Proposal plus 1
- Another option would be to force all passwords to be random and created by the tool, respecting the selected rules, and sent by email.
Proposal plus 2
- Another option could be to give a custom regex check. In that case we'll also need to add a field to set the error message manually, since it also has to be custom.
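
One way to express the checkbox options from the proposal as regex checks, as an added example that is not XWiki's code. `PasswordPolicy`, `violations` and `set_password` are hypothetical names, the ASCII character classes are an assumption, and the length check is treated as always enabled. The rules run only when a password is set, so a user created under an older policy is not affected until the next password change.

```python
import re
from dataclasses import dataclass

ALLOWED_MIN_LENGTHS = (6, 8, 10, 12)  # the length options listed in the proposal


@dataclass(frozen=True)
class PasswordPolicy:
    """Hypothetical model of the admin checkboxes; not an XWiki class."""
    min_length: int = 6            # checked by default with "6" picked
    require_capital: bool = False
    require_numeric: bool = False
    require_special: bool = False

    def __post_init__(self):
        if self.min_length not in ALLOWED_MIN_LENGTHS:
            raise ValueError(f"min_length must be one of {ALLOWED_MIN_LENGTHS}")

    def rules(self):
        """Return (compiled regex, error message) for each enabled checkbox."""
        n = self.min_length
        active = [(re.compile(rf".{{{n},}}", re.DOTALL),
                   f"Password must be at least {n} characters long")]
        if self.require_capital:
            active.append((re.compile(r"[A-Z]"), "Password needs at least one capital character"))
        if self.require_numeric:
            active.append((re.compile(r"[0-9]"), "Password needs at least one numeric character"))
        if self.require_special:
            # "Special" as the proposal defines it: any non-alphanumeric character.
            # ASCII classes are an assumption here, so "é" counts as special.
            active.append((re.compile(r"[^A-Za-z0-9]"), "Password needs at least one special character"))
        return active


def violations(policy, password):
    """List the error message of every enabled rule the password fails."""
    return [msg for rx, msg in policy.rules() if not rx.search(password)]


def set_password(policy, new_password):
    """Single entry point for registration, password change and reset.

    Stored passwords are never re-checked, so tightening the policy leaves
    existing users alone until they next pick a password.
    """
    failed = violations(policy, new_password)
    if failed:
        raise ValueError("; ".join(failed))
    return True
```

Routing every path that sets a password through one function such as `set_password` keeps the rules from differing between pages or being skipped on reset, which is what the linked issues below describe.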
Issue Links
- is duplicated by
  - XWIKI-15661 Create an application to configure and enforce stronger password setup for users (Closed)
- relates to
  - XWIKI-17510 The reset password functionality is not affected by password strength rules (Closed)
  - XWIKI-11310 The password security is different from one page to another and can be skipped (Closed)