irida icon indicating copy to clipboard operation
irida copied to clipboard

Published 20 hours ago verified publisher icon phac-nml

Enhanced password requirements

Open tom114 opened this issue 6 years ago • 4 comments

Request for increased password requirements. Some requirements can be soft requirements (so we can just have them as recommendations on the passwords page). The requirements are:

  1. [x] 8 characters long for regular users
  2. [x] 11 characters long for admin users (soft requirement)
  3. [x] Require upper case, lower case, numeric, and 1 special character !@#$%^&*()+?/<>=.\{}.
  4. [x] Not form any words (Soft requirement)
  5. [x] Not be based on any personal information (soft requirement)
  6. [x] Password reset every 90 days
  7. [ ] Force re-login after any password change.
  8. [x] Disallow reuse of passwords.
  9. [ ] Lock out users after consecutive failed login attempts.

Imported from GitLab issue #550. Originally posted on 2017/11/07 04:00PM

tom114 avatar Nov 16 '18 20:11 tom114

I watched a tutorial last night (on that Spring Framework Guru sight) that showed the basics of how to do item 9 (Lock out users after consecutive failed login attempts.) using Spring custom events. Let me know if you want me to show you it or help you with that. It is very basic and needs some extending but I think it would be a good first step.

Imported from GitLab. Originally posted on 2018/02/23 10:16AM

joshsadam avatar Nov 16 '18 20:11 joshsadam

Point 9 done in !1243

Imported from GitLab. Originally posted on 2018/01/23 11:09AM

tom114 avatar Nov 16 '18 20:11 tom114

Point 7 done in !1244

Imported from GitLab. Originally posted on 2018/01/23 11:09AM

tom114 avatar Nov 16 '18 20:11 tom114

Points 2, 4, 5 done in !1217

Imported from GitLab. Originally posted on 2017/12/14 03:59PM

tom114 avatar Nov 16 '18 20:11 tom114