Project

General

Profile

Actions
Copy link

Feature #37279

closed

Reject passwords that are the same as login, first name, last name, or email

Added by Go MAEDA almost 3 years ago. Updated 11 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Go MAEDA
Category:
Accounts / authentication
Target version:
6.0.0
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Fixed

Description

Some lazy users may use their login IDs or their names as passwords. This can be a security threat.

Such passwords should always be rejected.

Files

37279.patch (2.33 KB) 37279.patch Go MAEDA, 2022-07-09 09:14
Actions
Copy link
 #2

Updated by Go MAEDA almost 3 years ago

  • File 37279.patch added

The attached patch adds User#test_validate_password_complexity. It rejects passwords that are the same as the user's login, first name, last name, or email for now. I think it would be great if the method is extended to also reject passwords with dictionary words in the future.

Actions
Copy link
 #3

Updated by Go MAEDA almost 3 years ago

  • File deleted (37279.patch)
Actions
Copy link
 #4

Updated by Go MAEDA almost 3 years ago

Actions
Copy link
 #5

Updated by Go MAEDA 12 months ago

  • Subject changed from Reject passwords that are the same as login, first name, or last name to Reject passwords that are the same as login, first name, last name, or email
  • Target version set to 6.0.0

Setting the target version to 6.0.0.

Actions
Copy link
 #6

Updated by Go MAEDA 11 months ago

  • Status changed from New to Resolved
  • Assignee set to Go MAEDA
  • Resolution set to Fixed

Committed the patch in r22888.

Actions
Copy link
 #7

Updated by Go MAEDA 11 months ago

  • Status changed from Resolved to Closed

Updated locales in r22893.

Actions
Copy link

Also available in: Atom PDF