Feature #80793

provide configurable password policies

Added by Anja Leichsenring about 4 years ago. Updated about 1 year ago.

Status:
On Hold
Priority:
Should have
Assignee:
-
Category:
Miscellaneous
Target version:
-
Start date:
2017-04-10
Due date:
% Done:

0%

Estimated time:
PHP Version:
Tags:
Complexity:
Sprint Focus:

Description

Admins should be able to define a password policy to follow by all users of the system.


Related issues

Related to TYPO3 Core - Feature #59073: [BE] Ask for password-change on next loginRejected2014-05-24

Actions
Related to TYPO3 Core - Bug #56004: Retain username when entering an insecure passwordClosed2014-02-16

Actions
Related to TYPO3 Core - Feature #21659: Introduce Password PoliciesClosed2009-11-24

Actions
Related to TYPO3 Core - Feature #59074: [FE] Ask for password-change on next loginRejected2014-05-24

Actions
Related to TYPO3 Core - Task #50168: Documentation in case of a forgotten password is poorClosed2013-07-18

Actions
Related to TYPO3 Core - Feature #69190: Add password generator "wizard"New2015-08-19

Actions
Related to TYPO3 Core - Feature #78928: Password Recovery for Backend UserClosed2016-12-09

Actions
Related to TYPO3 Core - Feature #51479: Show somehow which user passwords are treatend as unsecure.Closed2013-08-28

Actions
Related to TYPO3 Core - Feature #37800: felogin password policy hookClosed2012-06-06

Actions
Related to TYPO3 Core - Feature #87299: Enhance password handling and two-factor authenticationNew2018-12-27

Actions
Related to TYPO3 Core - Epic #84262: [FEATURE] Update felogin to extbaseClosedHenning Liebe2013-08-16

Actions
Blocked by TYPO3 Core - Feature #80792: Password strength meter for BE LoginNew2017-04-10

Actions
#1

Updated by Riccardo De Contardi about 4 years ago

  • Related to Feature #59073: [BE] Ask for password-change on next login added
#2

Updated by Riccardo De Contardi about 4 years ago

  • Related to Bug #56004: Retain username when entering an insecure password added
#3

Updated by Riccardo De Contardi about 4 years ago

#4

Updated by Riccardo De Contardi about 4 years ago

  • Related to Feature #59074: [FE] Ask for password-change on next login added
#5

Updated by Riccardo De Contardi about 4 years ago

  • Related to Task #50168: Documentation in case of a forgotten password is poor added
#6

Updated by Riccardo De Contardi about 4 years ago

#7

Updated by Riccardo De Contardi about 4 years ago

#8

Updated by Riccardo De Contardi about 4 years ago

  • Related to Feature #51479: Show somehow which user passwords are treatend as unsecure. added
#9

Updated by Jigal van Hemert over 3 years ago

There are already a couple of extensions that implement this annoying behavior. Perhaps it's better to look for a library that can really calculate the strength of a password/passphrase and show that next to the field with the new password. If that works correctly it might be useful to have a setting for the minimum acceptable strength.

#10

Updated by Susanne Moog over 3 years ago

  • Target version deleted (9.0)
#11

Updated by Stephan Großberndt over 2 years ago

#12

Updated by Oliver Hader over 2 years ago

  • Related to Feature #87299: Enhance password handling and two-factor authentication added
#13

Updated by Stephan Großberndt about 2 years ago

  • Related to Epic #84262: [FEATURE] Update felogin to extbase added
#14

Updated by Oliver Hader about 2 years ago

  • Category set to Security
#15

Updated by Benni Mack about 1 year ago

  • Category changed from Security to Miscellaneous

Hey Anja,

I consulted with the security team, and we decided that this won't go into TYPO3 Core, but rather be a standalone extension (as there are multiple extensions out there already). This isn't part of the BSI requirement anymore, and thus does not need to be part of TYPO3 Core.

#16

Updated by Benni Mack about 1 year ago

  • Status changed from New to On Hold

Also available in: Atom PDF