Feature #37279

Reject passwords that are the same as login, first name, or last name

Added by Go MAEDA about 1 month ago. Updated about 1 month ago.

Status: New
Start date:
Priority: Normal
Due date:
Assignee: -
% Done: 0%
Category: Accounts / authentication
Target version: -
Resolution:

Description

Some lazy users may use their login IDs or their names as passwords. This can be a security threat.

Such passwords should always be rejected.

37279.patch (2.33 KB) Go MAEDA, 2022-07-09 09:14

History

#2 Updated by Go MAEDA about 1 month ago

  • File 37279.patch added

The attached patch adds User#test_validate_password_complexity. It rejects passwords that are the same as the user's login, first name, last name, or email for now. I think it would be great if the method is extended to also reject passwords with dictionary words in the future.
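A stand-alone Ruby version of the check described in note #2, added here as an example; it is not the contents of 37279.patch and not Redmine's own code. The `Account` struct, the `IdentityPasswordCheck` module and the sample values are hypothetical, and the example goes beyond the issue text by comparing after Unicode normalization and case folding and by also checking the local part of the e-mail address.

```ruby
# Added example, not Redmine code. Account is a hypothetical stand-in for a
# user record with the attributes named in the issue.
Account = Struct.new(:login, :firstname, :lastname, :mail, keyword_init: true)

module IdentityPasswordCheck
  module_function

  # Canonical form used for comparison: NFKC maps full-width and other
  # compatibility characters to their plain forms, downcase(:fold) applies
  # Unicode case folding, strip drops surrounding whitespace.
  def canonical(value)
    value.to_s.unicode_normalize(:nfkc).downcase(:fold).strip
  end

  # Returns the names of the identity attributes the password equals.
  # An empty array means the password passed this check.
  def matching_fields(account, password)
    candidate = canonical(password)
    return [] if candidate.empty?

    fields = {
      login: account.login,
      firstname: account.firstname,
      lastname: account.lastname,
      mail: account.mail,
      # Assumption beyond the issue text: also compare the address local part.
      mail_local_part: account.mail.to_s.split("@", 2).first
    }
    # Blank attributes are skipped so that a missing name never matches.
    fields.select { |_, v| !v.to_s.empty? && canonical(v) == candidate }.keys
  end

  def acceptable?(account, password)
    matching_fields(account, password).empty?
  end
end

# Constructed sample record (not real data).
SAMPLE = Account.new(login: "jsmith", firstname: "John",
                     lastname: "Smith", mail: "jsmith@example.net")
```

Returning the matched attribute names rather than a boolean lets the caller log which rule fired without logging the password itself.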

#3 Updated by Go MAEDA about 1 month ago

  • File deleted (37279.patch)

#4 Updated by Go MAEDA about 1 month ago
