Closed Bug 572147 Opened 15 years ago Closed 14 years ago

Weak Password Controls for Admin Accounts

Categories

(Websites Graveyard :: drumbeat.org, defect)

Product:
Websites Graveyard
Component:
drumbeat.org
Type:
defect
Priority:
Not set
Severity:
major

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: mcoates, Unassigned)

Details

(Whiteboard: [infrasec:auth])

Issue The password policy requires a password to be at least 8 characters but does not require a mixture of letters, numbers or special characters. As a result the password 12345678 is valid. The system does use JavaScript to rate the strength of the password and provide tips to the user to increase the strength of the password. Recommended Solution This approach may be appropriate for general internet user accounts. However, stricter controls should be required for any admin or site admin account. These accounts should be required to adhere to the following: - At Least 8 characters - Combination of letters, numbers and at least one special character These additional controls are intended to ensure the most powerful accounts are using appropriately strong passwords.
Drupal based version drumbeat.org has been retired. This is not an issue on the current version.
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → WONTFIX
Product: Websites → Websites Graveyard
You need to log in before you can comment on or make changes to this bug.