
🚀 Feature: Share password policy

Open Pipestra opened this issue 1 year ago • 5 comments

🔖 Feature description

It would be really nice if you could define a password policy. For the beginning, also setting the min. password length to 8 would be awesome.

🎤 Pitch

We're using pingvin in our company for transferring different kinds of documents and images. And some lazy users are just setting 123 or aaa as password. :-)

Pipestra avatar Dec 03 '24 12:12 Pipestra

The requirement is that the password must be at least 8 chars. Are you sure that this isn't validated correctly?

stonith404 avatar Dec 03 '24 12:12 stonith404

So you mean it should already be at least 8 chars? Just checked, with only 3 it's OK.

Pipestra avatar Dec 03 '24 13:12 Pipestra

@chileocat Oh, you mean the share password. I thought you meant the user password. I'll keep this open then.

stonith404 avatar Dec 03 '24 14:12 stonith404

Password requirements are a complex topic because there are many variables. Require a minimum length, require uppercase/lowercase characters, require digits, require special symbols, disallow common passwords etc.

I think adding too many options for this is not really useful. My ideas currently:

  1. minimum share password length - nothing more and nothing less
  2. toggle to require secure passwords - either there are no requirements (I would even lower the min password length to 1) or you need at least one uppercase and lowercase character, a digit, maybe a special symbol, and minimum password length is 8

Also maybe a toggle to require shares to have passwords?

What do you guys think?

aarondoet avatar Dec 30 '24 04:12 aarondoet

Requiring the presence of certain characters in the password would bar the usage of passphrases or "special" charsets (i.e. non-ASCII ones) that people may use, making the password more annoying, harder, and weaker to use (because sadly password managers are not that commonly used); see OWASP on this.

A minimum of 8 characters enforced on password fields would definitely be good.

Arteneko avatar Jan 23 '25 12:01 Arteneko
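
Added example, not part of the thread and not pingvin-share's code: a sketch of the length-only share password policy discussed above, with the "require a password" toggle and a common-password check but no character-class rules. The names `SharePasswordPolicy`, `samplePolicy` and `checkSharePassword`, the NFKC normalization, the maximum length and the deny-list entries are all assumptions made for illustration.

```typescript
// Hypothetical policy shape; none of these names come from pingvin-share.
interface SharePasswordPolicy {
  requirePassword: boolean; // toggle: every share must carry a password
  minLength: number;        // minimum length in Unicode code points
  maxLength: number;        // bounds input while leaving room for passphrases
  denyList: Set<string>;    // constructed sample of common passwords
}

const samplePolicy: SharePasswordPolicy = {
  requirePassword: true,
  minLength: 8,
  maxLength: 128,
  denyList: new Set(["password", "12345678", "qwertyui", "aaaaaaaa"]),
};

interface PolicyResult {
  ok: boolean;
  reason?: string;
}

function checkSharePassword(
  password: string | undefined,
  policy: SharePasswordPolicy,
): PolicyResult {
  if (password === undefined || password === "") {
    return policy.requirePassword
      ? { ok: false, reason: "password required" }
      : { ok: true };
  }
  // Normalize first so composed and decomposed forms of the same text count alike.
  // (Assumption: the same normalization is applied when the password is verified.)
  const normalized = password.normalize("NFKC");
  // Array.from iterates code points, so a non-ASCII letter or an emoji counts
  // once, whereas String.length would count UTF-16 code units.
  const length = Array.from(normalized).length;
  if (length < policy.minLength) return { ok: false, reason: "too short" };
  if (length > policy.maxLength) return { ok: false, reason: "too long" };
  if (policy.denyList.has(normalized.toLowerCase())) {
    return { ok: false, reason: "common password" };
  }
  // Deliberately no uppercase/digit/symbol requirement: passphrases and
  // non-ASCII passwords pass on length alone.
  return { ok: true };
}
```
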