Project

General

Profile

Actions
Copy link

Feature #37279

open

Reject passwords that are the same as login, first name, or last name

Added by Go MAEDA over 1 year ago. Updated about 1 year ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Accounts / authentication
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:

Description

Some lazy users may use their login IDs or their names as passwords. This can be a security threat.

Such passwords should always be rejected.

Files

37279.patch (2.33 KB) 37279.patch Go MAEDA, 2022-07-09 09:14
Actions
Copy link
 #2

Updated by Go MAEDA about 1 year ago

  • File 37279.patch added

The attached patch adds User#test_validate_password_complexity. It rejects passwords that are the same as the user's login, first name, last name, or email for now. I think it would be great if the method is extended to also reject passwords with dictionary words in the future.

Actions
Copy link
 #3

Updated by Go MAEDA about 1 year ago

  • File deleted (37279.patch)
Actions
Copy link
 #4

Updated by Go MAEDA about 1 year ago

Actions
Copy link

Also available in: Atom PDF