Resource icon

Password Tools 3.12.2

No permission to download
Overview FAQ Updates (30) Reviews (3) History Discussion
It does not suggest strong password or does it ? Would be great if it could suggest a strong password so the user just can click continue.
 
I would love to be able to configure password requirements per group. For instance, I want to set the length requirement commensurate with the user's access, with standard users being the most lax and admins being the most strict.

This corresponds with NIST's current recommendations in SP 800-63B:
Verifiers and CSPs SHALL require passwords to be a minimum of 8 characters in length and SHOULD require passwords to be a minimum of 15 characters in length.
Click to expand...
So in my case, I might have these settings for minimum length:
Member: 8
Moderator: 12
Administrator: 15
 
This is a great addon, thank you! Is there a way to edit the message shown to users when they are in this pwned password usergroup? One of our users was upset that nothing showed on the page but the password change prompt, and I'm not sure how to change this (save for adding a notice for everyone in that group, but I'm not sure if it shows for those users and can't test since adding my test account to the group doesn't change anything).
 
I'ld recommend using the notice system to target them when they are in the pwned password group. This allows customizing exactly how it displays, and is actually why I added support for adding users to a group when the password is known compromised.

You can just adjust the criteria while you are working on the notice before setting it to all members in that group. You can further restrict notices to given pages relatively easily
 
@Xon

Odd bug here. With Minimum password length set to 15, trying to use either Send password reset or Security lock: Locked: User must reset password from the ACP user edit screen throws this error:

1758056478123.webp

If I set it to 10 the error goes away and I can proceed. Happens with both XF 2.2 and 2.3.
 
You must log in or register to reply here.

Similar threads

Saarbruecken
Fixed Password to Elastic Search is shown as plain text in Server Error Log
Replies
8
Views
245
Saarbruecken
Saarbruecken
Painbaker
[XB] Password Change Permission [Deleted]
Replies
1
Views
23
Painbaker
Painbaker
Ozzy47
[OzzModz] Password Change Permissions [Deleted]
Replies
1
Views
10
Ozzy47
Ozzy47
CZ Eddie
  • Question Question
XF 2.3 A password reset request has been emailed to you. Please follow the instructions in that email.
Replies
0
Views
34
CZ Eddie
CZ Eddie
D
Password Tools - FRENCH translation [Deleted]
Replies
3
Views
473
Ozzy47
Ozzy47
Back
Top Bottom