iam
Local accounts: check password quality
Hi,
Currently, when defining the password for an IAM account, the only requirement is that the password is at least 6 characters. This looks very weak, considering that IAM is a central authentication service potentially giving access to a lot of resources. If it is not necessarily a problem when you disable/hide local account support, it is a major one if you enable IAM login through user/pwd.
An urgent first step would be to require at least 8 characters and to check for a mix of letters, characters and symbols. In the long term, the ability to define the criteria, at least the minimum length, would be good. And the ability to check the password with a service like https://haveibeenpwned.com would be great!
Cheers,
Michel
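
A sketch of the checks requested above, added here as an illustration; it is not part of the issue and not IAM's own code. All function names are hypothetical, the character classes are assumed to be letters, digits and symbols, and `constructed_lookup` is an offline stand-in for the Pwned Passwords range endpoint, which receives only the first five hex characters of the password's SHA-1 hash.

```python
import hashlib
import string

MIN_LENGTH = 8  # first-step minimum proposed in the issue; meant to be configurable


def sha1_split(password):
    """Return (5-char prefix, 35-char suffix) of the uppercase SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def breach_count(password, range_lookup):
    """k-anonymity lookup: only the 5-char hash prefix is handed to the lookup."""
    prefix, suffix = sha1_split(password)
    for line in range_lookup(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix and count.isdigit():
            return int(count)  # a count of 0 is a padding entry, not a breach hit
    return 0


def password_problems(password, range_lookup=None, min_length=MIN_LENGTH):
    """Return the reasons to reject a password; an empty list means accept."""
    problems = []
    if len(password) < min_length:
        problems.append("too_short")
    classes = [
        any(c.isalpha() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    ]
    if not all(classes):
        problems.append("missing_character_class")
    if range_lookup is not None and breach_count(password, range_lookup) > 0:
        problems.append("found_in_breach_corpus")
    return problems


def constructed_lookup(prefix):
    """Offline stand-in for GET https://api.pwnedpasswords.com/range/<prefix>.
    The response body is constructed sample data, not real API output."""
    known_prefix, known_suffix = sha1_split("Summer2024!")
    lines = ["0" * 35 + ":0"]  # constructed padding-style entry
    if prefix == known_prefix:
        lines.append(known_suffix + ":1234")  # constructed breach count
    return "\r\n".join(lines)
```

In a deployment, `range_lookup` would be an HTTP client call with a timeout, and the service has to decide whether an unreachable lookup blocks the password change or lets it through.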