Project

General

Profile

Feature #6071

Strengthened password option

Added by Yannick Warnier over 6 years ago. Updated almost 4 years ago.

Status:
Feature implemented
Priority:
Normal
Assignee:
Category:
Global / Others / Misc
Target version:
Start date:
06/04/2013
Due date:
% Done:

100%

Estimated time:
Complexity:
Normal
SCRUM pts - complexity:
?

Description

A recent event where access through easy-to-guess passwords made way for some mediatic coverage citing the name of Chamilo (although Chamilo was not at fault as far as we could investigate after hours of analysis), it appears we need to give a push to our users to strengthen their passwords, in particular for privileged users (teachers and admins), otherwise they'll use stuff like "1234567" all over.

I've already asked here https://github.com/FITCoding/Simple-PHP-Password-Strength-Analyzer if the developer could give it a license so we can include the snippet in Chamilo (although honestly it's not complicated to come up with an acceptable solution).

Drupal also has a feature for that http://drupal.org/project/password_policy and another one that checks incidents happening on the login form: http://drupal.org/project/login_security and sends them to Nagios (nice :-)).

This could be added in 1.9.6 as a plugin, then to core for 1.10... (with a settings_current switch in the security section).

This is a security issue, so I'm adding it to 1.9.6 even though we are already done with tasks here.

History

#1

Updated by Yannick Warnier over 6 years ago

  • Target version changed from 1.9.6 to 2.0

Moving to a future version... This will probably be implemented for a customer and then applied to the 1.10 base.

#2

Updated by Yannick Warnier almost 4 years ago

  • Status changed from New to Feature implemented
  • Assignee set to Julio Montoya
  • % Done changed from 0 to 100

A JS validator was added to the user creation and edit forms to inform about seriousness of their password.
This was all available since 1.10

Also available in: Atom PDF