Redmine

further adjustable rules

Yes, could you list a few examples of the rules you expect?

• don't accept the name or parts of the name (switch)
• don't accept sequenced numbers, letters or signs... (switch)
• the password has to contain:

small letters (switch)
capitel letters (switch)
numbers (switch)
signs (switch)

• maximum usability period (possible a information mail to the user regarding a due date is necessary) (adjustable value)
• number of iterations to accept a recured password (adjustable value)

(responsible for completeness - maybe someone has better suggestions)

Maybe some kind of "Password has to be different to the last x passwords". Something like in the Windows-Authentication, where users can't change their password to some password used 12 changes before.
This could prevent some lazy people to change their outdated password "test" to "test1" and back again to "test".

If possible to implement a tool like https://www.microsoft.com/en-gb/security/pc-security/password-checker.aspx... ;-) and a configuration field to set the necessary level of the password.

duplicate of #3155