Enforcement of password complexity rules

lmika-bom commented 8 years ago

It looks like the Bureau will need to implement password complexity and validation rules shortly to comply with operational requirements. I could imagine that we will not be the only one. Examples of some of the rules the Bureau will need to implement:

Minimum password lengths (this may be dependent on what makes up the password - a password of a certain length does not need to include special characters, for example).
Minimum number of characters from specific sets (lower-case, upper-case, numbers, symbols).

OpenWIS will need to be change to support setting rules governing password complexity and checking that new passwords supplied by the user comply with these rules. The particular rules need to be displayed to the user, along with any validation errors. Since this is something that will change from implementer to implementer, it is necessary that these rules are exposed as configuration somewhere.

lmika-bom commented 7 years ago

Required for the Bureau, but we'll just modify our own fork. Would be nice for version 4.

rogers492 commented 7 years ago

This issue was moved to OpenWIS/openwis4#54

woollattd commented 6 years ago

reopened since OpenWIS v3.x is in maintenance mode for next 6 years so this still applies

OpenWIS / openwis

Enforcement of password complexity rules #197