phac-nml / irida

Canada’s Integrated Rapid Infectious Disease Analysis Platform for Genomic Epidemiology
https://irida.ca
Apache License 2.0
40 stars 31 forks

Enhanced password requirements #116

Open tom114 opened 6 years ago

tom114 commented 6 years ago

Request for increased password requirements. Some requirements can be soft requirements (so we can just have them as recommendations on the passwords page). The requirements are:

  1. [x] 8 characters long for regular users
  2. [x] 11 characters long for admin users (soft requirement)
  3. [x] Require upper case, lower case, numeric, and 1 special character !@#$%^&*()+?/<>=.\{}.
  4. [x] Not form any words (Soft requirement)
  5. [x] Not be based on any personal information (soft requirement)
  6. [x] Password reset every 90 days
  7. [ ] Force re-login after any password change.
  8. [x] Disallow reuse of passwords.
  9. [ ] Lock out users after consecutive failed login attempts.

Imported from GitLab issue #550. Originally posted on 2017/11/07 04:00PM
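
The hard/soft split in the list above can be expressed as a check that returns blocking errors separately from recommendations. This is an added example, not IRIDA's code and not part of the original issue; the class and method names are hypothetical, and reading requirement 5 as "does not contain the username" is an assumption.

```java
import java.util.ArrayList;
import java.util.List;
public class PasswordPolicyCheck {
    // Special characters exactly as listed in requirement 3 of the issue.
    static final String SPECIALS = "!@#$%^&*()+?/<>=.\\{}";
    static final int MIN_LENGTH = 8;         // requirement 1 (hard)
    static final int ADMIN_MIN_LENGTH = 11;  // requirement 2 (soft)
    // Errors block the change; recommendations are only shown to the user.
    // (Records need Java 16 or later.)
    record Result(List<String> errors, List<String> recommendations) {
        boolean accepted() { return errors.isEmpty(); }
    }

    static Result check(String password, String username, boolean isAdmin) {
        List<String> errors = new ArrayList<>();
        List<String> recs = new ArrayList<>();
        boolean upper = false, lower = false, digit = false, special = false;
        for (int cp : password.codePoints().toArray()) {
            if (Character.isUpperCase(cp)) upper = true;
            else if (Character.isLowerCase(cp)) lower = true;
            else if (Character.isDigit(cp)) digit = true;
            else if (SPECIALS.indexOf(cp) >= 0) special = true;
        }
        // Count code points so a supplementary character counts once.
        int length = password.codePointCount(0, password.length());
        if (length < MIN_LENGTH) errors.add("must be at least " + MIN_LENGTH + " characters");
        if (!upper) errors.add("must contain an upper case letter");
        if (!lower) errors.add("must contain a lower case letter");
        if (!digit) errors.add("must contain a number");
        if (!special) errors.add("must contain one of " + SPECIALS);
        if (isAdmin && length < ADMIN_MIN_LENGTH)
            recs.add("admin passwords should be at least " + ADMIN_MIN_LENGTH + " characters");
        // Assumed reading of requirement 5: the password should not embed the username.
        if (!username.isEmpty() && password.toLowerCase().contains(username.toLowerCase()))
            recs.add("should not be based on your username");
        return new Result(errors, recs);
    }

    public static void main(String[] args) {
        // Constructed sample inputs: {password, username, isAdmin}.
        String[][] samples = {
            {"Tr1ck{y}Pass", "jdoe", "true"},   // passes, no recommendations
            {"Short1!", "jdoe", "false"},       // hard failure: 7 characters
            {"Jdoe=2024x", "jdoe", "true"},     // passes, two soft recommendations
        };
        for (String[] s : samples) {
            Result r = check(s[0], s[1], Boolean.parseBoolean(s[2]));
            System.out.println(s[0] + " accepted=" + r.accepted() + " " + r);
        }
    }
}
```

Requirements 6 to 9 (expiry, re-login, reuse, lockout) depend on stored account state and are outside what a stateless check like this can cover.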

joshsadam commented 6 years ago

I watched a tutorial last night (on that Spring Framework Guru site) that showed the basics of how to do item 9 (Lock out users after consecutive failed login attempts.) using Spring custom events. Let me know if you want me to show you it or help you with that. It is very basic and needs some extending, but I think it would be a good first step.

Imported from GitLab. Originally posted on 2018/02/23 10:16AM

tom114 commented 6 years ago

Point 9 done in !1243

Imported from GitLab. Originally posted on 2018/01/23 11:09AM

tom114 commented 6 years ago

Point 7 done in !1244

Imported from GitLab. Originally posted on 2018/01/23 11:09AM

tom114 commented 6 years ago

Points 2, 4, 5 done in !1217

Imported from GitLab. Originally posted on 2017/12/14 03:59PM