Improve security measures - Githubissues

WaldorfConnect / portal

Central authentication and management platform - guidepost to all our services!

https://portal.waldorfconnect.de

MIT License

2 stars 0 forks source link

Improve security measures #48

Open linusgke opened 12 months ago

linusgke commented 12 months ago

Add password policy for strong passwords
Lock users accounts if certain amount of unsuccessful login attempts is surpassed

lchristmann commented 12 months ago

Password Policy Suggestion:
We could implement the recommendations of the BSI for creating secure passwords.

Under "Length and complexity: Two crucial characteristics" they suggest:

Character types refers in the following to: BigLetter, SmallLetter, Number, SpecialSymbol

either a long password (20+ chars) having two types of characters
or a short password (8+ chars) having all 4 types of characters

So you must have either short & complex or long & less complex or both. People could choose.

lchristmann commented 12 months ago

How about a maximum login attempts of 12?