Closed Bug 638283 Opened 13 years ago Closed 13 years ago

Implement password strength policy for AMO admin users

Categories

(addons.mozilla.org Graveyard :: Public Pages, defect, P3)

defect

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: clyon, Assigned: andy+bugzilla)

References

(Blocks 1 open bug)

Details

This bug is different than bug #531868 where we are forcing admins/editors/reviews or users with higher privileges to have a stronger password.

1) Require minimum password length of 8 characters
2) Passwords must require letters and numbers 
3) Show password strength meter on account creation and account edit pages.
Assignee: nobody → amckay
Severity: critical → normal
Target Milestone: --- → 6.1.0
On account creation, we won't know the level of privileges that the user has, so it would just be on account edit pages, which a user might not visit.
That's all we can do for now (and for this bug).  If people have great ideas for enhancements please file new bugs.
https://github.com/jbalogh/zamboni/commit/f168a17b29a5a22a2850c67a40638bbd0f8f2f6b
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Validation is triggering on any save of the edit profile page.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
https://github.com/jbalogh/zamboni/commit/e8dc2b0312b50f62ef98991336d34e69b01b4493
Status: REOPENED → RESOLVED
Closed: 13 years ago13 years ago
Resolution: --- → FIXED
I was able to reset my password to just be words. This is for my admin account.

STR:
1. Request to reset your password
2. Set your new password to something like 'dandelion'
3. Save changes

expected behavior:
Admin accounts need password with letters and numbers 

actual behavior:
Password without numerals is saved.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
https://github.com/jbalogh/zamboni/commit/c8a8bcd05143260cab0cdb253efe887d8a65fd3c
Status: REOPENED → RESOLVED
Closed: 13 years ago13 years ago
Resolution: --- → FIXED
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.