Actions
Feature #37279
openReject passwords that are the same as login, first name, or last name
Status:
New
Priority:
Normal
Assignee:
-
Category:
Accounts / authentication
Target version:
-
Start date:
Due date:
% Done:
0%
Estimated time:
Resolution:
Description
Some lazy users may use their login IDs or their names as passwords. This can be a security threat.
Such passwords should always be rejected.
Files
Updated by Go MAEDA about 1 year ago
- File 37279.patch added
The attached patch adds User#test_validate_password_complexity
. It rejects passwords that are the same as the user's login, first name, last name, or email for now. I think it would be great if the method is extended to also reject passwords with dictionary words in the future.
Actions