Project

General

Profile

Actions
Copy link

Feature #21659

closed

Introduce Password Policies

Added by Nikolas Hagelstein almost 15 years ago. Updated over 7 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
Security
Target version:
-
Start date:
2009-11-24
Due date:
% Done:

0%

Estimated time:
PHP Version:
5.5
Tags:
Complexity:
Sprint Focus:

Description

Currently there is no way to configure a minimum strengh of passwords within the password change dialog.

Suggestion:
Add a configurable way to specify a minimum password strengh: lenght, complexity, special characters etc.

(issue imported from #M12722)

Related issues 6 (0 open6 closed)

Related to TYPO3 Core - Feature #37800: felogin password policy hookClosed2012-06-06

Actions
Related to TYPO3 Core - Feature #59073: [BE] Ask for password-change on next loginRejected2014-05-24

Actions
Related to TYPO3 Core - Bug #56004: Retain username when entering an insecure passwordClosed2014-02-16

Actions
Related to TYPO3 Core - Feature #80793: provide configurable password policiesClosed2017-04-10

Actions
Has duplicate TYPO3 Core - Feature #14711: Issue a warning when a BE user has a weak password (e.g. the same as the username)Closed2005-04-29

Actions
Has duplicate TYPO3 Core - Bug #76350: Introduce password policies for backend usersClosed2016-05-28

Actions
Actions
Copy link
 #1

Updated by Steffen Gebert over 14 years ago

I think this can be done by an extension. Although this would be a neat feature, I don't see the big need to have it in core.

EDIT: As you can see in the related BT entries, there are various wishes, what can be done with passwords and failed logins. Having all this in core might be overkill.

Actions
Copy link
 #2

Updated by Chris topher over 14 years ago

What you could add would be a nice bar which changes its color from red over yellow to green when entering the password.

Actions
Copy link
 #3

Updated by Stephan Großberndt over 12 years ago

  • Target version deleted (0)
Actions
Copy link
 #4

Updated by Mathias Schreiber almost 10 years ago

  • Description updated (diff)
  • Category set to Backend User Interface
  • Status changed from New to Accepted
  • TYPO3 Version set to 7
  • PHP Version changed from 4.3 to 5.5
  • Is Regression set to No
Actions
Copy link
 #5

Updated by Helmut Hummel over 8 years ago

  • Category changed from Backend User Interface to Security

The core is currently lacking the possibility to configure password policies.
This however is considered a requirement in many large scale projects and has been reported as lacking several times already.

A first step could be to introduce a min length property in TCA for input fields

Actions
Copy link
 #6

Updated by Helmut Hummel over 8 years ago

  • Subject changed from Secure the BE login - Prevent the user from using weak passwords to Introduce Password Policies
Actions
Copy link
 #7

Updated by Helmut Hummel over 8 years ago

  • Tracker changed from Bug to Feature
Actions
Copy link
 #8

Updated by Riccardo De Contardi almost 8 years ago

  • Target version set to 9 LTS
Actions
Copy link
 #9

Updated by Riccardo De Contardi over 7 years ago

  • Related to Feature #80793: provide configurable password policies added
Actions
Copy link
 #10

Updated by Riccardo De Contardi over 7 years ago

  • Status changed from Accepted to Closed
  • Target version deleted (9 LTS)

I close this issue in favor of #80793 , please continue the discussion there, thank you.
I have added there a reference to this issue to keep track of it

If you think that this is the wrong decision, then please reopen it or open a new ticket and add a relation to this ticket number.

Actions
Copy link

Also available in: Atom PDF