Feature #12182


improvement password security for internal authentication

Added by Anonymous over 10 years ago. Updated over 8 years ago.

Accounts / authentication
Target version:
Start date:
Due date:
% Done:


Estimated time:


Currently only the rule Minimum password length is adjustable for internal authentication.
It would e very helpful to add further adjustable rules to allow only passwords with a high security.

(Currently we use LDAP authentication for our employees and internal authentication for external partners as a well working differentiation.)

Related issues

Is duplicate of Redmine - Feature #3155: Password policy and secure logon procedureNew2009-04-10

Actions #1

Updated by Etienne Massip over 10 years ago

  • Category set to Accounts / authentication
Actions #2

Updated by Jean-Philippe Lang over 10 years ago

further adjustable rules

Yes, could you list a few examples of the rules you expect?

Actions #3

Updated by Anonymous over 10 years ago

some suggestions for switchable / adjustable rules (additional to the length):
  • don't accept the name or parts of the name (switch)
  • don't accept sequenced numbers, letters or signs... (switch)
  • the password has to contain:

small letters (switch)
capitel letters (switch)
numbers (switch)
signs (switch)

  • maximum usability period (possible a information mail to the user regarding a due date is necessary) (adjustable value)
  • number of iterations to accept a recured password (adjustable value)

(responsible for completeness - maybe someone has better suggestions)

Actions #4

Updated by Daniel Felix over 10 years ago

Maybe some kind of "Password has to be different to the last x passwords". Something like in the Windows-Authentication, where users can't change their password to some password used 12 changes before.
This could prevent some lazy people to change their outdated password "test" to "test1" and back again to "test".

Actions #5

Updated by Anonymous about 10 years ago

If possible to implement a tool like ;-) and a configuration field to set the necessary level of the password.

Actions #6

Updated by @ go2null over 8 years ago

duplicate of #3155

Actions #7

Updated by Mischa The Evil over 8 years ago

  • Is duplicate of Feature #3155: Password policy and secure logon procedure added
Actions #8

Updated by Mischa The Evil over 8 years ago

  • Status changed from New to Closed
  • Resolution set to Duplicate

@ go2null wrote:

duplicate of #3155

Indeed. Closing as such. Thanks for the ref.


Also available in: Atom PDF