Feature #37279
closed
Reject passwords that are the same as login, first name, last name, or email
Added by Go MAEDA over 2 years ago.
Updated 5 months ago.
Category:
Accounts / authentication
Description
Some lazy users may use their login IDs or their names as passwords. This can be a security threat.
Such passwords should always be rejected.
Files
The attached patch adds User#test_validate_password_complexity. It rejects passwords that are the same as the user's login, first name, last name, or email for now. I think it would be great if the method is extended to also reject passwords with dictionary words in the future.
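The check described above, written as plain Ruby for illustration (an added example, not the attached patch or Redmine's code). The Account struct, the method names, and the choice to compare case-insensitively after trimming and Unicode normalization are assumptions; the sample account is constructed.

```ruby
# Added example: hypothetical stand-in for a user record, not Redmine's User model.
Account = Struct.new(:login, :firstname, :lastname, :mail, keyword_init: true)

# Constructed sample account used for demonstration.
SAMPLE = Account.new(login: "jsmith", firstname: "John",
                     lastname: "Smith", mail: "jsmith@example.net")

# Assumption: values are compared after NFKC normalization, trimming and
# full Unicode case folding, so "JSmith" and " jsmith " count as the login.
def normalize(value)
  value.to_s.unicode_normalize(:nfkc).strip.downcase(:fold)
end

# Returns the attribute names whose value the candidate password duplicates.
def password_matches(account, password)
  candidate = normalize(password)
  # A blank password is left to the presence/length validation; without this
  # guard it would "match" every blank attribute (e.g. a missing last name).
  return [] if candidate.empty?

  account.to_h.select do |_attr, value|
    normalized = normalize(value)
    !normalized.empty? && normalized == candidate
  end.keys
end

# True when the password should be rejected as identical to an account attribute.
def password_too_simple?(account, password)
  !password_matches(account, password).empty?
end
```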
- File deleted (37279.patch)
- Subject changed from Reject passwords that are the same as login, first name, or last name to Reject passwords that are the same as login, first name, last name, or email
- Target version set to 6.0.0
Setting the target version to 6.0.0.
- Status changed from New to Resolved
- Assignee set to Go MAEDA
- Resolution set to Fixed
Committed the patch in r22888.
- Status changed from Resolved to Closed