Details

    • Type: Improvement
    • Status: Closed
    • Priority: High
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: 2.5.0
    • Labels:
      None

      Description

      The default password strength requirements in eZ Publish and eZ Platform, out of the box, are too low. A conscientious admin will improve these, but our defaults should be safer. I propose 10 characters as the default minimum length. (8 is common, but there are indications that this is not safe enough anymore.)

      eZ Platform also supports quality checks: upper/lower case, digits, special chars. I propose to enable these as default, except special chars (to reduce the annoyance factor).
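
The proposed defaults, sketched as an added example; this is not code from the eZ Platform or legacy PRs. `PasswordPolicy`, `UserStore` and the PBKDF2 storage hash are assumptions made for illustration. The rules are checked only when a password is set, so an account created under the older, weaker defaults can still log in.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

@dataclass(frozen=True)
class PasswordPolicy:
    """Defaults proposed in this issue; special characters stay optional."""
    min_length: int = 10
    require_upper: bool = True
    require_lower: bool = True
    require_digit: bool = True
    require_special: bool = False
    def violations(self, password):
        found = []
        if len(password) < self.min_length:
            found.append("too short")
        if self.require_upper and not any(c.isupper() for c in password):
            found.append("no upper case")
        if self.require_lower and not any(c.islower() for c in password):
            found.append("no lower case")
        if self.require_digit and not any(c.isdigit() for c in password):
            found.append("no digit")
        if self.require_special and all(c.isalnum() for c in password):
            found.append("no special char")
        return found

class UserStore:
    """Hypothetical in-memory store: policy applies on change, not on login."""
    def __init__(self, policy):
        self.policy, self._users = policy, {}

    def store_unchecked(self, login, password):
        # Stands in for an account created before the defaults were raised.
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        self._users[login] = (salt, digest)

    def set_password(self, login, password):
        problems = self.policy.violations(password)
        if problems:
            raise ValueError(", ".join(problems))
        self.store_unchecked(login, password)

    def verify(self, login, password):
        # Login never consults the policy, so existing passwords keep working.
        salt, digest = self._users[login]
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        return hmac.compare_digest(digest, candidate)
```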

        Activity

        Gunnstein Lye added a comment - edited

        eZ Platform PR: https://github.com/ezsystems/ezpublish-kernel/pull/2570
        QA approved and merged in master (2.5) https://github.com/ezsystems/ezpublish-kernel/commit/3400cc7a4acb8466ea8ff7168e406380b975c8fe
        Legacy PR: https://github.com/ezsystems/ezpublish-legacy/pull/1423
        QA approved and merged in master https://github.com/ezsystems/ezpublish-legacy/commit/61afb984b9d0d490b4db102a2b4055a0476d0d12

        Gunnstein Lye added a comment -

        QA, please test this for 2.5 (first priority, LS approved) and legacy (secondary priority). The doc file changes included in the PRs describe what has changed. What to test should follow from that, I think. It's important that existing passwords will continue to work.

        Michał Szołtysek added a comment -

        Tested on both 2.5 and 5.4.


          People

          • Assignee: Unassigned
          • Reporter: Gunnstein Lye
          • Votes: 0
          • Watchers: 2

            Dates

            • Created:
              Updated:
              Resolved:

              Time Tracking

              Estimated: Not Specified
              Remaining: 0m
              Logged: 1d 6h 45m