
Enhanced password requirements

Open tom114 opened this issue 5 years ago • 4 comments

Request for increased password requirements. Some requirements can be soft requirements (so we can just have them as recommendations on the passwords page). The requirements are:

  1. [x] 8 characters long for regular users
  2. [x] 11 characters long for admin users (soft requirement)
  3. [x] Require upper case, lower case, numeric, and 1 special character !@#$%^&*()+?/<>=.\{}.
  4. [x] Not form any words (Soft requirement)
  5. [x] Not be based on any personal information (soft requirement)
  6. [x] Password reset every 90 days
  7. [ ] Force re-login after any password change.
  8. [x] Disallow reuse of passwords.
  9. [ ] Lock out users after consecutive failed login attempts.

Imported from GitLab issue #550. Originally posted on 2017/11/07 04:00PM

tom114 avatar Nov 16 '18 20:11 tom114
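The hard and soft checks from the list above (items 1, 2, 3 and 8) can be written as one validator. This is an added example, not IRIDA's code and not part of the original issue: the class `PasswordPolicy`, its `check` method and the `matches` callback are hypothetical names, and the sample passwords are constructed.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.function.BiPredicate;
// Added illustration: class, method and parameter names are hypothetical.
public class PasswordPolicy {
    // Special characters exactly as listed in requirement 3 of the issue.
    static final String SPECIALS = "!@#$%^&*()+?/<>=.\\{}";
    // Errors block the change; warnings are shown as recommendations only.
    public static final class Result {
        public final List<String> errors = new ArrayList<>();
        public final List<String> warnings = new ArrayList<>();
    }

    // matches(raw, storedHash) is assumed to verify a salted hash, in the
    // way Spring Security's PasswordEncoder.matches does.
    public static Result check(String pw, boolean admin, List<String> oldHashes,
                               BiPredicate<String, String> matches) {
        Result r = new Result();
        if (pw.length() < 8) r.errors.add("shorter than 8 characters");
        if (admin && pw.length() < 11) r.warnings.add("admins: 11+ characters recommended");
        boolean upper = false, lower = false, digit = false, special = false;
        for (char c : pw.toCharArray()) {
            if (c >= 'A' && c <= 'Z') upper = true;
            else if (c >= 'a' && c <= 'z') lower = true;
            else if (c >= '0' && c <= '9') digit = true;
            else if (SPECIALS.indexOf(c) >= 0) special = true;
        }
        if (!upper) r.errors.add("no upper case letter");
        if (!lower) r.errors.add("no lower case letter");
        if (!digit) r.errors.add("no digit");
        if (!special) r.errors.add("no special character from the allowed set");
        // Reuse check: salted hashes of the same password differ, so each
        // stored hash is verified against the candidate, never string-compared.
        for (String h : oldHashes) {
            if (matches.test(pw, h)) { r.errors.add("password was used before"); break; }
        }
        return r;
    }

    public static void main(String[] args) {
        // Constructed sample data; "demo:" + password stands in for a real hash.
        BiPredicate<String, String> demo = (raw, stored) -> stored.equals("demo:" + raw);
        List<String> history = List.of("demo:Spring2017!x");
        for (String pw : new String[] {"short1!", "Spring2017!x", "Valid#Pass9"}) {
            Result r = check(pw, true, history, demo);
            System.out.println(pw + " errors=" + r.errors + " warnings=" + r.warnings);
        }
    }
}
```

The soft admin length only adds a warning, so a 10-character admin password that passes the other checks is still accepted.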

I watched a tutorial last night (on that Spring Framework Guru site) that showed the basics of how to do item 9 (Lock out users after consecutive failed login attempts.) using Spring custom events. Let me know if you want me to show you it or help you with that. It is very basic and needs some extending but I think it would be a good first step.

Imported from GitLab. Originally posted on 2018/02/23 10:16AM

joshsadam avatar Nov 16 '18 20:11 joshsadam

Point 9 done in !1243

Imported from GitLab. Originally posted on 2018/01/23 11:09AM

tom114 avatar Nov 16 '18 20:11 tom114

Point 7 done in !1244

Imported from GitLab. Originally posted on 2018/01/23 11:09AM

tom114 avatar Nov 16 '18 20:11 tom114

Points 2, 4, 5 done in !1217

Imported from GitLab. Originally posted on 2017/12/14 03:59PM

tom114 avatar Nov 16 '18 20:11 tom114