[ixpmanager] Password strength
Barry O'Donovan
barry.odonovan at inex.ie
Tue Mar 28 21:50:38 IST 2017
Hi Herman,
Herman Loennechen wrote:
> Is it possible to add requirements to the password policy?
>
> As far as we can tell the current requirement is determined here in
> ResetPassword.php:
>
> ->addValidator( 'stringLength', false, array( 8, 30, 'UTF-8' ) )
Correct (there and one other place iirc).
> Is there / do you plan to support special characters, case sensitivity
> etc. as a password requirement?
There are no plans. If there were, we'd need to also offer an opt out or
configurability.
IMHO, we're not an application for the masses and deal with a very savvy
audience (IXP customers) and I'm conflicting about imposing such
restrictions on them.
I'm more interested in 2fa actually. But if/when we do 2fa, we'd also
make password strength configurable.
Auth is currently handled by the older framework and it needs to move to
the newer one (Zend -> Laravel). Doing that would roll in 2fa. But,
honestly, our development horizon is pretty full for the next three months.
But I like this as part of the overall body of auth work that needs to
be done so it's now an official feature request:
https://github.com/inex/IXP-Manager/issues/308
- Barry
More information about the ixpmanager
mailing list