Feature #37279: Reject passwords that are the same as login, first name, last name, or email - Redmine

Actions

Copy link

Feature #37279

closed

Reject passwords that are the same as login, first name, last name, or email

Added by Go MAEDA over 2 years ago. Updated 5 months ago.

Status:

Closed

Priority:

Normal

Assignee:

Go MAEDA

Category:

Accounts / authentication

Target version:

6.0.0

Start date:

Due date:

% Done:

Estimated time:

Resolution:

Fixed

Description

Some lazy users may use their login IDs or their names as passwords. This can be a security threat.

Such passwords should always be rejected.

Files

37279.patch (2.33 KB) 37279.patch

Go MAEDA, 2022-07-09 09:14

Actions

Copy link

Updated by Go MAEDA over 2 years ago

File 37279.patch added

The attached patch adds User#test_validate_password_complexity. It rejects passwords that are the same as the user's login, first name, last name, or email for now. I think it would be great if the method is extended to also reject passwords with dictionary words in the future.

Actions

Copy link

Updated by Go MAEDA over 2 years ago

File deleted (~~37279.patch~~)

Actions

Copy link

Updated by Go MAEDA over 2 years ago

File 37279.patch 37279.patch added

Actions

Copy link

Updated by Go MAEDA 6 months ago

Subject changed from Reject passwords that are the same as login, first name, or last name to Reject passwords that are the same as login, first name, last name, or email
Target version set to 6.0.0

Setting the target version to 6.0.0.

Actions

Copy link