Feature #21659

Introduce Password Policies

Added by Nikolas Hagelstein over 12 years ago. Updated over 5 years ago.

Should have
Target version:
Start date:
Due date:
% Done:


Estimated time:
PHP Version:
Sprint Focus:


Currently there is no way to configure a minimum strengh of passwords within the password change dialog.

Add a configurable way to specify a minimum password strengh: lenght, complexity, special characters etc.

(issue imported from #M12722)

Related issues

Related to TYPO3 Core - Feature #37800: felogin password policy hookClosed2012-06-06

Related to TYPO3 Core - Feature #59073: [BE] Ask for password-change on next loginRejected2014-05-24

Related to TYPO3 Core - Bug #56004: Retain username when entering an insecure passwordClosed2014-02-16

Related to TYPO3 Core - Feature #80793: provide configurable password policiesOn Hold2017-04-10

Has duplicate TYPO3 Core - Feature #14711: Issue a warning when a BE user has a weak password (e.g. the same as the username)Closed2005-04-29

Has duplicate TYPO3 Core - Bug #76350: Introduce password policies for backend usersClosed2016-05-28


Updated by Steffen Gebert over 12 years ago

I think this can be done by an extension. Although this would be a neat feature, I don't see the big need to have it in core.

EDIT: As you can see in the related BT entries, there are various wishes, what can be done with passwords and failed logins. Having all this in core might be overkill.


Updated by Chris topher over 12 years ago

What you could add would be a nice bar which changes its color from red over yellow to green when entering the password.


Updated by Stephan Großberndt about 10 years ago

  • Target version deleted (0)

Updated by Mathias Schreiber over 7 years ago

  • Description updated (diff)
  • Category set to Backend User Interface
  • Status changed from New to Accepted
  • TYPO3 Version set to 7
  • PHP Version changed from 4.3 to 5.5
  • Is Regression set to No

Updated by Helmut Hummel about 6 years ago

  • Category changed from Backend User Interface to Security

The core is currently lacking the possibility to configure password policies.
This however is considered a requirement in many large scale projects and has been reported as lacking several times already.

A first step could be to introduce a min length property in TCA for input fields


Updated by Helmut Hummel about 6 years ago

  • Subject changed from Secure the BE login - Prevent the user from using weak passwords to Introduce Password Policies

Updated by Helmut Hummel about 6 years ago

  • Tracker changed from Bug to Feature

Updated by Riccardo De Contardi over 5 years ago

  • Target version set to 9 LTS

Updated by Riccardo De Contardi over 5 years ago

  • Related to Feature #80793: provide configurable password policies added

Updated by Riccardo De Contardi over 5 years ago

  • Status changed from Accepted to Closed
  • Target version deleted (9 LTS)

I close this issue in favor of #80793 , please continue the discussion there, thank you.
I have added there a reference to this issue to keep track of it

If you think that this is the wrong decision, then please reopen it or open a new ticket and add a relation to this ticket number.

Also available in: Atom PDF