
#626 Password Complexity

open
nobody
None
5
2012-09-17
2011-06-20
stollie12
No

When entering a password, check the password to ensure it meets the Password Policy. As with the Random password generation, allow the acceptance of a password that does not meet the Password Policy Random password generation rules.

Discussion

  • DrK

    DrK - 2011-06-20

    This is in 2 parts:
    1. When entering a password, check the password to ensure it meets the Password Policy.

    The password policy only applies to a password generated by Password Safe. We must allow the user to change the password if they need to make it more memorable or satisfy some criteria.

    2. As with the Random password generation, allow the acceptance of a password that does not meet the Password Policy Random password generation rules.

    The user can always change or override a randomly generated password once it has been generated.

    David

     
  • stollie12

    stollie12 - 2011-06-20

    Overall need: Can the password policy be set to apply to both user entered and Password Safe generated passwords?

    THANKS!

     
  • DrK

    DrK - 2011-06-20

    I don't think so - we would not want to stop the user entering any password they choose and enforcing the Password Policy would stop this.

    David

     
  • stollie12

    stollie12 - 2011-06-20

    I am so sorry that my very brief descriptions may have led to some confusion - very poor wording on my part. Maybe a little better explanation:
    The current version has a Password Policy that can be set for Password Safe generated passwords only.
    1. If a user changes the generated password so it would be more meaningful and easier to remember, can a warning be displayed that would notify the user if the password doesn't meet the policy and allow them to accept the less restrictive password and continue?
    2. Can the same type of Password Policy be set up to be used for User entered passwords with the same warning to notify the user if the password doesn't meet the policy and allow them to accept their less restrictive password and continue?
    We don't want to "force" the user (me) to meet what might be considered an unreasonable policy, but would like to be able to check which passwords would meet a standardized password policy and which would not meet that same password policy.
    Thanks!

     
