Password Tools 3.12.2

[Xon]

Xon updated Password Tools with a new update entry:

3.12.2 - Bugfix update

• Fix internal server error when registering an account without an email address (requires 3rd party addon to trigger)

Read the rest of this update entry...

 

[fionix]

It does not suggest strong password or does it ? Would be great if it could suggest a strong password so the user just can click continue.

 

[Foxtrek_64]

I would love to be able to configure password requirements per group. For instance, I want to set the length requirement commensurate with the user's access, with standard users being the most lax and admins being the most strict.

This corresponds with NIST's current recommendations in SP 800-63B:

Verifiers and CSPs SHALL require passwords to be a minimum of 8 characters in length and SHOULD require passwords to be a minimum of 15 characters in length.

So in my case, I might have these settings for minimum length:
Member: 8
Moderator: 12
Administrator: 15

 

[BlueGreen91]

This is a great addon, thank you! Is there a way to edit the message shown to users when they are in this pwned password usergroup? One of our users was upset that nothing showed on the page but the password change prompt, and I'm not sure how to change this (save for adding a notice for everyone in that group, but I'm not sure if it shows for those users and can't test since adding my test account to the group doesn't change anything).

 

[Xon]

I'ld recommend using the notice system to target them when they are in the pwned password group. This allows customizing exactly how it displays, and is actually why I added support for adding users to a group when the password is known compromised.

You can just adjust the criteria while you are working on the notice before setting it to all members in that group. You can further restrict notices to given pages relatively easily