Closed funkyfuture closed 5 years ago
You can define your password constraints in password-rules.properties. I think documentation about this is missing or not well visible ;)
thanks, i changed the issue title to reflect my follow-up impulse. ;-)
We decided on this default password constraints. It's up to any user to change them.
i'm testing Kitodo 3.0 beta 1. when creating a new user, the interface tells me that a password should contain at least a digit and a special character. these constraints have commonly been rejected as they do not increase security and indeed are a horrible ux. i could elaborate more, but i don't know what your discussion on that has been and just refer to this blog post that discusses the overhauled nist recommendations for now.