kitodo / kitodo-production

Kitodo.Production is a workflow management tool for mass digitization and is part of the Kitodo Digital Library Suite.
http://www.kitodo.org/software/kitodoproduction/
GNU General Public License v3.0

Reconsider default password constraints? #1984

Closed funkyfuture closed 5 years ago

funkyfuture commented 5 years ago

i'm testing Kitodo 3.0 beta 1. when creating a new user, the interface tells me that a password should contain at least a digit and a special character. these constraints have commonly been rejected as they do not increase security and indeed are a horrible ux. i could elaborate more, but i don't know what your discussion on that has been and just refer to this blog post that discusses the overhauled nist recommendations for now.
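To illustrate the point raised in the comment above, the following is an added example, not code from Kitodo.Production or from any participant in this thread. It compares a composition rule (digit plus special character) with a length-and-blocklist check in the spirit of NIST SP 800-63B. The blocklist, the definition of "special character", and all function names are assumptions made for the illustration.

```python
import re

# Constructed sample blocklist (assumption). A real deployment would load a
# large list of breached and commonly used passwords instead.
BLOCKLIST = {"password1!", "qwerty123!", "welcome2024#"}

# Minimum length for user-chosen passwords in NIST SP 800-63B (revision 3).
MIN_LENGTH = 8


def composition_policy(password):
    """Composition rule as described in the issue: one digit, one special character.

    "Special" is assumed here to mean any non-alphanumeric, non-whitespace character.
    """
    problems = []
    if not re.search(r"\d", password):
        problems.append("needs a digit")
    if not re.search(r"[^A-Za-z0-9\s]", password):
        problems.append("needs a special character")
    return problems


def length_blocklist_policy(password):
    """Length plus blocklist check, with no composition requirements."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    # Compare case-insensitively so trivial capitalisation does not evade the list.
    if password.lower() in BLOCKLIST:
        problems.append("on blocklist")
    return problems


def compare(passwords):
    """Return {password: (composition problems, length/blocklist problems)}."""
    return {pw: (composition_policy(pw), length_blocklist_policy(pw)) for pw in passwords}


if __name__ == "__main__":
    # Constructed sample inputs.
    samples = ["Password1!", "correct horse battery staple", "abc"]
    for pw, (comp, nist) in compare(samples).items():
        print(f"{pw!r}: composition={comp or 'OK'} length+blocklist={nist or 'OK'}")
```

A predictable password such as `Password1!` satisfies the composition rule but is caught by the blocklist, while a long passphrase without digits or symbols is rejected by the composition rule and accepted by the length-based check.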

henning-gerhardt commented 5 years ago

You can define your password constraints in password-rules.properties. I think documentation about this is missing or not well visible ;)

funkyfuture commented 5 years ago

thanks, i changed the issue title to reflect my follow-up impulse. ;-)

Kathrin-Huber commented 5 years ago

We decided on these default password constraints. It's up to any user to change them.