password policy - Githubissues

Concorda / concorda-server

MIT License

8 stars 2 forks source link

password policy #88

Open mirceaalexandru opened 8 years ago

mirceaalexandru commented 8 years ago

Right now the implemented password policy has following constraints:

minimum length
require at least one lower case
require at least one upper case
require number

The security checklist however requires something like this:

Password must be at least 8 characters long and meet at least two of the following conditions: Mix of letters and numbers , Mix of upper and lower case letters and Special characters (e.g., # & * ! $)

@AdrianRossouw any comments?

AdrianRossouw commented 8 years ago

i think if we just modify it to be the following it would meet the requirements:

minimum length
one or more lower case letters
one or more upper case letters
one or more numbers
one or more special characters (eg., # & * ! $)

mirceaalexandru commented 8 years ago

We have all the above, without the condition for one or more special characters. What we cannot do right now is the requirement to have mix of letters and numbers or mix of upper/lowercase letters.