Closed Bug 330846 Opened 18 years ago Closed 14 years ago

Allow admins to configure the minimum password length

Categories

(Bugzilla :: User Accounts, enhancement, P4)

Product:
Bugzilla
Component:
User Accounts
Version:
2.20.1
Type:
enhancement

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: timeless, Unassigned)

References

Details

[% ELSIF error == "password_too_short" %]
    [% title = "Password Too Short" %]
    The password is less than three characters long. It must be at least
    three characters.

--
My company's product would complain about this. So, here I am complaining. There should be a way to set the minimium password length, and the error message should reflect that length.

Or perhaps it shouldn't reflect the lenght. I dunno.
Severity: normal → enhancement
OS: MacOS X → All
Priority: -- → P4
Hardware: Macintosh → All
Summary: Why is password_too_short fixed to 3 characters? → Allow admins to configure the minimum password length
Could we also include a check box for:
Passwords must include:
[ ] Capital [ ] Digit [ ] Special Character
Assignee: administration → user-accounts
Status: UNCONFIRMED → NEW
Component: Administration → User Accounts
Ever confirmed: true
Due to security reason it should be more important than enhancement.
(In reply to comment #0)
> [% ELSIF error == "password_too_short" %]
>     [% title = "Password Too Short" %]
>     The password is less than three characters long. It must be at least
>     three characters.

This message has been fixed in bug 332598. Not sure we want a UI for this, though.
(In reply to comment #2)
> Due to security reason it should be more important than enhancement.

I would agree with this. This should be a higher priority.
(In reply to comment #4)
> (In reply to comment #2)
> > Due to security reason it should be more important than enhancement.
> 
> I would agree with this. This should be a higher priority.

Severity != Priority. This is still just an enhancement, but it could be ranked at a higher priority (currently only P4). Note that Bugzilla 3.6 (via bug 524368) increases the minimum password length from 3 to 6, which is definitely an improvement. However, it's trivial to change this minimum length in the code (just one line in Bugzilla/Constants.pm).

I'd much rather see something like comment #1 added so better checks could be made on the password.
(In reply to comment #5)
> Severity != Priority. This is still just an enhancement, but it could be ranked
> at a higher priority (currently only P4). Note that Bugzilla 3.6 (via bug
> 524368) increases the minimum password length from 3 to 6, which is definitely
> an improvement. However, it's trivial to change this minimum length in the code
> (just one line in Bugzilla/Constants.pm).
> 
> I'd much rather see something like comment #1 added so better checks could be
> made on the password.

I would rather seem complexity requirements then length as stated in comment #1. I would think length should have the same option but as you pointed out, it is an easy change.
  If you'd like complexity requirements instead, then that would belong on another bug. This bug is about the minimum password length, only.
(In reply to comment #7)
>   If you'd like complexity requirements instead, then that would belong on
> another bug. This bug is about the minimum password length, only.

agreed. we will be submitted another bug for complexity.
I don't think we want a parameter for this. 99% of installations probably won't change the default value at all (currently 6), and the remaining 1% may have an idea how to edit it. My vote to wontfix this bug. Bug 558803 makes much more sense.
Whiteboard: WONTFIX?
The constant added in bug 524368 is relatively easy to change so I'd agree. Especially since lately we have been making UI more simple, not more complex. Although, marking WFM since technically we have done what description says (no mention of UI there). :)
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → WORKSFORME
Whiteboard: WONTFIX?
You need to log in before you can comment on or make changes to this bug.