Allow admins to configure the minimum password length

RESOLVED WORKSFORME

Status

()

P4
enhancement
RESOLVED WORKSFORME
13 years ago
8 years ago

People

(Reporter: timeless, Unassigned)

Tracking

(Blocks: 1 bug)

Details

(Reporter)

Description

13 years ago
[% ELSIF error == "password_too_short" %]
    [% title = "Password Too Short" %]
    The password is less than three characters long. It must be at least
    three characters.

--
My company's product would complain about this. So, here I am complaining. There should be a way to set the minimium password length, and the error message should reflect that length.

Or perhaps it shouldn't reflect the lenght. I dunno.

Updated

13 years ago
Severity: normal → enhancement
OS: MacOS X → All
Priority: -- → P4
Hardware: Macintosh → All
Summary: Why is password_too_short fixed to 3 characters? → Allow admins to configure the minimum password length

Comment 1

13 years ago
Could we also include a check box for:
Passwords must include:
[ ] Capital [ ] Digit [ ] Special Character

Updated

12 years ago
Assignee: administration → user-accounts
Status: UNCONFIRMED → NEW
Component: Administration → User Accounts
Ever confirmed: true

Comment 2

12 years ago
Due to security reason it should be more important than enhancement.

Comment 3

9 years ago
(In reply to comment #0)
> [% ELSIF error == "password_too_short" %]
>     [% title = "Password Too Short" %]
>     The password is less than three characters long. It must be at least
>     three characters.

This message has been fixed in bug 332598. Not sure we want a UI for this, though.

Comment 4

9 years ago
(In reply to comment #2)
> Due to security reason it should be more important than enhancement.

I would agree with this. This should be a higher priority.
(In reply to comment #4)
> (In reply to comment #2)
> > Due to security reason it should be more important than enhancement.
> 
> I would agree with this. This should be a higher priority.

Severity != Priority. This is still just an enhancement, but it could be ranked at a higher priority (currently only P4). Note that Bugzilla 3.6 (via bug 524368) increases the minimum password length from 3 to 6, which is definitely an improvement. However, it's trivial to change this minimum length in the code (just one line in Bugzilla/Constants.pm).

I'd much rather see something like comment #1 added so better checks could be made on the password.

Comment 6

9 years ago
(In reply to comment #5)
> Severity != Priority. This is still just an enhancement, but it could be ranked
> at a higher priority (currently only P4). Note that Bugzilla 3.6 (via bug
> 524368) increases the minimum password length from 3 to 6, which is definitely
> an improvement. However, it's trivial to change this minimum length in the code
> (just one line in Bugzilla/Constants.pm).
> 
> I'd much rather see something like comment #1 added so better checks could be
> made on the password.

I would rather seem complexity requirements then length as stated in comment #1. I would think length should have the same option but as you pointed out, it is an easy change.

Comment 7

9 years ago
  If you'd like complexity requirements instead, then that would belong on another bug. This bug is about the minimum password length, only.

Comment 8

9 years ago
(In reply to comment #7)
>   If you'd like complexity requirements instead, then that would belong on
> another bug. This bug is about the minimum password length, only.

agreed. we will be submitted another bug for complexity.

Comment 9

8 years ago
I don't think we want a parameter for this. 99% of installations probably won't change the default value at all (currently 6), and the remaining 1% may have an idea how to edit it. My vote to wontfix this bug. Bug 558803 makes much more sense.
Whiteboard: WONTFIX?
The constant added in bug 524368 is relatively easy to change so I'd agree. Especially since lately we have been making UI more simple, not more complex. Although, marking WFM since technically we have done what description says (no mention of UI there). :)
Status: NEW → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → WORKSFORME
Whiteboard: WONTFIX?
You need to log in before you can comment on or make changes to this bug.