Feature #6071

Strengthened password option

Added by Yannick Warnier about 8 years ago. Updated over 5 years ago.

Feature implemented
Global / Others / Misc
Target version:
Start date:
Due date:
% Done:


Estimated time:
SCRUM pts - complexity:


A recent event where access through easy-to-guess passwords made way for some mediatic coverage citing the name of Chamilo (although Chamilo was not at fault as far as we could investigate after hours of analysis), it appears we need to give a push to our users to strengthen their passwords, in particular for privileged users (teachers and admins), otherwise they'll use stuff like "1234567" all over.

I've already asked here if the developer could give it a license so we can include the snippet in Chamilo (although honestly it's not complicated to come up with an acceptable solution).

Drupal also has a feature for that and another one that checks incidents happening on the login form: and sends them to Nagios (nice :-)).

This could be added in 1.9.6 as a plugin, then to core for 1.10... (with a settings_current switch in the security section).

This is a security issue, so I'm adding it to 1.9.6 even though we are already done with tasks here.



Updated by Yannick Warnier about 8 years ago

  • Target version changed from 1.9.6 to 2.0

Moving to a future version... This will probably be implemented for a customer and then applied to the 1.10 base.


Updated by Yannick Warnier over 5 years ago

  • Status changed from New to Feature implemented
  • Assignee set to Julio Montoya
  • % Done changed from 0 to 100

A JS validator was added to the user creation and edit forms to inform about seriousness of their password.
This was all available since 1.10

Also available in: Atom PDF