Registered User
Password plugin - force users to change password / password strength?
Hi.
Is there any hack (or any plan to change the plugin) to force users to change passwords?
Also, the same to enforce a certain password strength (like not using parts of username, a minimum length, a certain types of characters (alpha+digits+other marks) etc?
Maybe also to not allow login to POP3/IMAP/SMTP before password is changed and a custom message if user tries to login with an email client?
Thanks!
Administrator
Enforce a password strength wouldn't be that hard you just have to add JavaScript to the form to check if there password met all of the requirements. Not allow users to login to another email client before they change there password would be server-side and couldn't be done with RoundCube.
Registered User
I see that there is something similar in the latest SVN trunk (btw, this is how I found out 'password' is not a third-party plugin, is in core). But it only accepts minimum size for password and the presence/absence of other chars than alphanumeric.
This should be expanded as I said above:
- test for alpha parts of username bigger than 3 not to be included in password (if username is "user.name.xx.2009", test for "user" and "name")
- minimum number of digits
- minimum number of another non-alphanumeric characters
Also, it would be nice to test for presence of certain white spaces ("\n", "\r", "\t") and warn/disallow to change in that case. Very useful if a user notes down in a file a password, and copy-pastes it with line-endings/spaces. Then, when writing it down by hand in the password box, he/she can't login and doesn't know why (it happened...)
Last edited by maxie_ro; 10-12-2009 at 11:16 AM. Reason: Reason for not allowing certain white spaces
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
LinkBack URL
About LinkBacks
Reply With Quote