Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-11309

Give the possibility to pick the password security level

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 6.2
    • Fix Version/s: 11.9
    • Component/s: Administration
    • Labels:
      None
    • Tests:
      Integration
    • Difficulty:
      Unknown
    • Similar issues:

      Description

      Why

      • We need to review our way of checking the password so it can be the right time to add a new functionality
      • Other Intranet application come with a stronger password than 6 letter minimum since password are generated by the tool directly including special chars, caps, ...
      • XWiki prone to say that it's a secure tool and users love to see security options to be aware of it.

      Objective

      • Give the admin the possibility to pick the security level for passwords in using a specific list of prepared case which does not involve any regex writing or script modification but only checkboxes.

      Proposal

      • Add a menu in administration labelled "Password validation"
      • The page will display checkboxes in front of different checks which can be done with regex.
        • Password must be at least "LIST" character long => Is checked by default with "6" picked
          • options : 6, 8, 10, 12
        • Password need minimum one capital character
        • Password need minimum one numeric character
        • Password need minimum one special character (non alpha-numerical character)

      If the admin change this after that a user has been created, we won't bother the user but if at some point he wants to change he ill be force to fill the new conditions.

      Proposal plus 1

      • An other option would be to force all passwords to be random and created by the tool in respecting the selected rules and sent by emails.

      Proposal plus 2

      • An other option could be to give a custom regex check. In that case we'll need also to add a field to set the error message manually since it also has to be custom.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                surli Simon Urli
                Reporter:
                jcoury Jean Coury
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: