Project

General

Profile

Actions

Feature #80793

closed

provide configurable password policies

Added by Anja Leichsenring over 7 years ago. Updated about 2 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
Security
Target version:
-
Start date:
2017-04-10
Due date:
% Done:

0%

Estimated time:
PHP Version:
Tags:
Complexity:
Sprint Focus:

Description

Admins should be able to define a password policy to follow by all users of the system.


Related issues 10 (1 open9 closed)

Related to TYPO3 Core - Feature #59073: [BE] Ask for password-change on next loginRejected2014-05-24

Actions
Related to TYPO3 Core - Bug #56004: Retain username when entering an insecure passwordClosed2014-02-16

Actions
Related to TYPO3 Core - Feature #21659: Introduce Password PoliciesClosed2009-11-24

Actions
Related to TYPO3 Core - Feature #59074: [FE] Ask for password-change on next loginRejected2014-05-24

Actions
Related to TYPO3 Core - Feature #78928: Password Recovery for Backend UserClosed2016-12-09

Actions
Related to TYPO3 Core - Feature #51479: Show somehow which user passwords are treatend as unsecure.Closed2013-08-28

Actions
Related to TYPO3 Core - Feature #37800: felogin password policy hookClosed2012-06-06

Actions
Related to TYPO3 Core - Epic #84262: [FEATURE] Update felogin to extbaseClosedHenning Liebe2013-08-16

Actions
Related to TYPO3 Core - Epic #97387: Configurable Password PoliciesUnder ReviewTorben Hansen2022-04-15

Actions
Related to TYPO3 Core - Task #99349: Use the new password policies in setupDatabaseServiceClosed2022-12-12

Actions
Actions #1

Updated by Riccardo De Contardi over 7 years ago

  • Related to Feature #59073: [BE] Ask for password-change on next login added
Actions #2

Updated by Riccardo De Contardi over 7 years ago

  • Related to Bug #56004: Retain username when entering an insecure password added
Actions #3

Updated by Riccardo De Contardi over 7 years ago

Actions #4

Updated by Riccardo De Contardi over 7 years ago

  • Related to Feature #59074: [FE] Ask for password-change on next login added
Actions #6

Updated by Riccardo De Contardi over 7 years ago

Actions #7

Updated by Riccardo De Contardi over 7 years ago

Actions #8

Updated by Riccardo De Contardi over 7 years ago

  • Related to Feature #51479: Show somehow which user passwords are treatend as unsecure. added
Actions #9

Updated by Jigal van Hemert almost 7 years ago

There are already a couple of extensions that implement this annoying behavior. Perhaps it's better to look for a library that can really calculate the strength of a password/passphrase and show that next to the field with the new password. If that works correctly it might be useful to have a setting for the minimum acceptable strength.

Actions #10

Updated by Susanne Moog almost 7 years ago

  • Target version deleted (9.0)
Actions #11

Updated by Stephan Großberndt almost 6 years ago

Actions #12

Updated by Oliver Hader over 5 years ago

  • Related to Feature #87299: Enhance password handling and two-factor authentication added
Actions #13

Updated by Stephan Großberndt over 5 years ago

  • Related to Epic #84262: [FEATURE] Update felogin to extbase added
Actions #14

Updated by Oliver Hader over 5 years ago

  • Category set to Security
Actions #15

Updated by Benni Mack over 4 years ago

  • Category changed from Security to Miscellaneous

Hey Anja,

I consulted with the security team, and we decided that this won't go into TYPO3 Core, but rather be a standalone extension (as there are multiple extensions out there already). This isn't part of the BSI requirement anymore, and thus does not need to be part of TYPO3 Core.

Actions #16

Updated by Benni Mack over 4 years ago

  • Status changed from New to On Hold
Actions #17

Updated by Torben Hansen over 2 years ago

  • Related to Epic #97387: Configurable Password Policies added
Actions #18

Updated by Oliver Hader about 2 years ago

  • Related to deleted (Feature #87299: Enhance password handling and two-factor authentication)
Actions #19

Updated by Oliver Hader about 2 years ago

  • Status changed from On Hold to New
Actions #20

Updated by Oliver Hader about 2 years ago

  • Related to deleted (Feature #69190: Add password generator "wizard")
Actions #21

Updated by Oliver Hader about 2 years ago

  • Blocked by deleted (Feature #80792: Password strength meter for BE Login)
Actions #22

Updated by Oliver Hader about 2 years ago

  • Category changed from Miscellaneous to Security
Actions #23

Updated by Oliver Hader about 2 years ago

  • Related to deleted (Epic #97387: Configurable Password Policies)
Actions #24

Updated by Oliver Hader about 2 years ago

  • Status changed from New to Closed

→ continue at #97387 for TYPO3 v12

Actions #25

Updated by Oliver Hader about 2 years ago

  • Related to Epic #97387: Configurable Password Policies added
Actions #26

Updated by Jochen Roth almost 2 years ago

  • Related to Task #99349: Use the new password policies in setupDatabaseService added
Actions

Also available in: Atom PDF