Feature #21659

Introduce Password Policies

Added by Nikolas Hagelstein over 12 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
Security
Target version:
-
Start date:
2009-11-24
Due date:
% Done:

0%

Estimated time:
PHP Version:
5.5
Tags:
Complexity:
Sprint Focus:

Description

Currently there is no way to configure a minimum strengh of passwords within the password change dialog.

Suggestion:
Add a configurable way to specify a minimum password strengh: lenght, complexity, special characters etc.

(issue imported from #M12722)


Related issues

Related to TYPO3 Core - Feature #37800: felogin password policy hookClosed2012-06-06

Actions
Related to TYPO3 Core - Feature #59073: [BE] Ask for password-change on next loginRejected2014-05-24

Actions
Related to TYPO3 Core - Bug #56004: Retain username when entering an insecure passwordClosed2014-02-16

Actions
Related to TYPO3 Core - Feature #80793: provide configurable password policiesOn Hold2017-04-10

Actions
Has duplicate TYPO3 Core - Feature #14711: Issue a warning when a BE user has a weak password (e.g. the same as the username)Closed2005-04-29

Actions
Has duplicate TYPO3 Core - Bug #76350: Introduce password policies for backend usersClosed2016-05-28

Actions
#1

Updated by Steffen Gebert over 12 years ago

I think this can be done by an extension. Although this would be a neat feature, I don't see the big need to have it in core.

EDIT: As you can see in the related BT entries, there are various wishes, what can be done with passwords and failed logins. Having all this in core might be overkill.

#2

Updated by Chris topher over 12 years ago

What you could add would be a nice bar which changes its color from red over yellow to green when entering the password.

#3

Updated by Stephan Großberndt about 10 years ago

  • Target version deleted (0)
#4

Updated by Mathias Schreiber over 7 years ago

  • Description updated (diff)
  • Category set to Backend User Interface
  • Status changed from New to Accepted
  • TYPO3 Version set to 7
  • PHP Version changed from 4.3 to 5.5
  • Is Regression set to No
#5

Updated by Helmut Hummel about 6 years ago

  • Category changed from Backend User Interface to Security

The core is currently lacking the possibility to configure password policies.
This however is considered a requirement in many large scale projects and has been reported as lacking several times already.

A first step could be to introduce a min length property in TCA for input fields

#6

Updated by Helmut Hummel about 6 years ago

  • Subject changed from Secure the BE login - Prevent the user from using weak passwords to Introduce Password Policies
#7

Updated by Helmut Hummel about 6 years ago

  • Tracker changed from Bug to Feature
#8

Updated by Riccardo De Contardi over 5 years ago

  • Target version set to 9 LTS
#9

Updated by Riccardo De Contardi over 5 years ago

  • Related to Feature #80793: provide configurable password policies added
#10

Updated by Riccardo De Contardi over 5 years ago

  • Status changed from Accepted to Closed
  • Target version deleted (9 LTS)

I close this issue in favor of #80793 , please continue the discussion there, thank you.
I have added there a reference to this issue to keep track of it

If you think that this is the wrong decision, then please reopen it or open a new ticket and add a relation to this ticket number.

Also available in: Atom PDF