Feature #80793

provide configurable password policies

Added by Anja Leichsenring about 3 years ago. Updated 3 months ago.

Status:
On Hold
Priority:
Should have
Assignee:
-
Category:
Miscellaneous
Target version:
-
Start date:
2017-04-10
Due date:
% Done:

0%

PHP Version:
Tags:
Complexity:
Sprint Focus:

Description

Admins should be able to define a password policy to follow by all users of the system.


Related issues

Related to TYPO3 Core - Feature #59073: [BE] Ask for password-change on next login Rejected 2014-05-24
Related to TYPO3 Core - Bug #56004: Retain username when entering an insecure password Closed 2014-02-16
Related to TYPO3 Core - Feature #21659: Introduce Password Policies Closed 2009-11-24
Related to TYPO3 Core - Feature #59074: [FE] Ask for password-change on next login Rejected 2014-05-24
Related to TYPO3 Core - Task #50168: Documentation in case of a forgotten password is poor Closed 2013-07-18
Related to TYPO3 Core - Feature #69190: Add password generator "wizard" New 2015-08-19
Related to TYPO3 Core - Feature #78928: Password Recovery for Backend User Closed 2016-12-09
Related to TYPO3 Core - Feature #51479: Show somehow which user passwords are treatend as unsecure. Closed 2013-08-28
Related to TYPO3 Core - Feature #37800: felogin password policy hook Closed 2012-06-06
Related to TYPO3 Core - Feature #87299: Enhance password handling and two-factor authentication New 2018-12-27
Related to TYPO3 Core - Epic #84262: [FEATURE] Update felogin to extbase Closed 2012-07-10
Blocked by TYPO3 Core - Feature #80792: Password strength meter for BE Login New 2017-04-10

History

#1 Updated by Riccardo De Contardi about 3 years ago

  • Related to Feature #59073: [BE] Ask for password-change on next login added

#2 Updated by Riccardo De Contardi about 3 years ago

  • Related to Bug #56004: Retain username when entering an insecure password added

#3 Updated by Riccardo De Contardi about 3 years ago

#4 Updated by Riccardo De Contardi about 3 years ago

  • Related to Feature #59074: [FE] Ask for password-change on next login added

#5 Updated by Riccardo De Contardi about 3 years ago

  • Related to Task #50168: Documentation in case of a forgotten password is poor added

#6 Updated by Riccardo De Contardi about 3 years ago

#7 Updated by Riccardo De Contardi about 3 years ago

#8 Updated by Riccardo De Contardi about 3 years ago

  • Related to Feature #51479: Show somehow which user passwords are treatend as unsecure. added

#9 Updated by Jigal van Hemert over 2 years ago

There are already a couple of extensions that implement this annoying behavior. Perhaps it's better to look for a library that can really calculate the strength of a password/passphrase and show that next to the field with the new password. If that works correctly it might be useful to have a setting for the minimum acceptable strength.

#10 Updated by Susanne Moog over 2 years ago

  • Target version deleted (9.0)

#11 Updated by Stephan Großberndt over 1 year ago

#12 Updated by Oliver Hader about 1 year ago

  • Related to Feature #87299: Enhance password handling and two-factor authentication added

#13 Updated by Stephan Großberndt about 1 year ago

  • Related to Epic #84262: [FEATURE] Update felogin to extbase added

#14 Updated by Oliver Hader about 1 year ago

  • Category set to Security

#15 Updated by Benni Mack 3 months ago

  • Category changed from Security to Miscellaneous

Hey Anja,

I consulted with the security team, and we decided that this won't go into TYPO3 Core, but rather be a standalone extension (as there are multiple extensions out there already). This isn't part of the BSI requirement anymore, and thus does not need to be part of TYPO3 Core.

#16 Updated by Benni Mack 3 months ago

  • Status changed from New to On Hold

Also available in: Atom PDF