I strongly support this. I want to define minimum password strengths, lengths, and combinations.
I think admins should be able to set password complexity requirements for new registrations, and can force users to change password, or define password expiry.
More forum owners would use it if it were normally available.
Defining minimum password length is understandable but combination? How often do you see regular forum owners use it? I think that should be left as a modification.
My point is that these should be options available. Personally, I'd want complete control over length and combination (letters+numbers+symbols). I'm a paranoid person.
I would define the length only.
I will say I've never liked systems that force a minimum 'strength' as all they ever seem to do is piss people off and encourage them to come up with the minimum possible to get past it.
Instead of putting restrictions down how about a random password generator that displays a random string that the user can copy and paste into the password field?
Users could then use whatever password remembering feature their browser uses to save that password. It also sidesteps the issue of the user coming up with the simplest password that will pass whatever checks are put in place.
I acknowledge something like that would need some process development and testing to see if it could be done in a way that most users could understand.
My point is that these should be options available. Personally, I'd want complete control over length and combination (letters+numbers+symbols). I'm a paranoid person.
For standard communities, I can see the drawback. For applications for which security is a top consideration, it's a benefit. So like I said, this should be completely configurable in the AdminCP.
I've often thought that staff members should be required to use stronger passwords than the rest of the membership. However, forcing the entire membership to use convoluted passwords will, in the long run, just piss them off. I rarely go back to a site that forces me to use the maximum combination of alphanumeric AND symbols.
Perhaps, but if this was usergroup-specific we only need to apply it for accounts that have any value on the forum (moderators, admins, anyone with access to the user information). I personally would prefer my admin to be forced to use a secure and complex password than take the risk that he's going to use "letmein".
The whole point of progressive enhancements and user experience is not to add complexity.
Exactly. We have to assume that our users have no idea about security in order to secure our forums.
A weak pass would be: mypass
A medium pass would be: mypassword
A strong pass would be: my1password
All three are easy to brute force
Complexity is not just length and forced numerics.
This is when you hit complexity, as it is using special characters, more than 16, and beyond default ascii.
rQ9yd3iI+#Pb|j->0%R_PS30PDcR32
wirp9\lv>2U5&94W02d'D$t6g"Dny[
A7*k[uo$Ew"lZAO"24fs-o0|wA5X+7
Nj8+`a310ZJwB.Jl}w[G1RSHka8gl0
^90&571V~DBB?oc`MLRjjMm3A~s056
etc
The reality is, your users will not go towards complexity. And when their letmein is told to be too short, they just add 123 behind it.
I have to agree, forcing "strength" will only make the users forget their passwords more.
I will say I've never liked systems that force a minimum 'strength' as all they ever seem to do is piss people off and encourage them to come up with the minimum possible to get past it.
Instead of putting restrictions down how about a random password generator that displays a random string that the user can copy and paste into the password field?
Users could then use whatever password remembering feature their browser uses to save that password. It also sidesteps the issue of the user coming up with the simplest password that will pass whatever checks are put in place.
I acknowledge something like that would need some process development and testing to see if it could be done in a way that most users could understand.
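The random password generator suggested in the thread could look like the sketch below. It is an added example, not part of any post and not code from the forum software; the function names, the default length of 30 and the 94-symbol alphabet are assumptions chosen for illustration.

```javascript
// Added example: random password generator for a registration form.
// Uses the Web Crypto CSPRNG (never Math.random) and rejection sampling,
// so every symbol of the alphabet is equally likely.
const webCrypto = globalThis.crypto ||
  (typeof require === 'function' ? require('node:crypto').webcrypto : null);

// Printable ASCII without the space: 94 symbols (letters, digits, punctuation).
const ALPHABET = Array.from({ length: 94 }, (_, i) => String.fromCharCode(33 + i)).join('');

function generatePassword(length = 30, alphabet = ALPHABET) {
  if (!Number.isInteger(length) || length < 1) {
    throw new RangeError('length must be a positive integer');
  }
  if (alphabet.length < 2 || alphabet.length > 256) {
    throw new RangeError('alphabet must have between 2 and 256 symbols');
  }
  // Largest multiple of alphabet.length that fits in one byte. Bytes at or
  // above it are discarded; using them would make low symbols more likely.
  const limit = 256 - (256 % alphabet.length);
  const out = [];
  const buf = new Uint8Array(length * 2);
  while (out.length < length) {
    webCrypto.getRandomValues(buf);
    for (const b of buf) {
      if (b < limit && out.length < length) out.push(alphabet[b % alphabet.length]);
    }
  }
  return out.join('');
}

// Entropy in bits of a password drawn uniformly at random from the alphabet.
// This only applies to generated passwords, not to ones a person chose.
function entropyBits(length, alphabetSize) {
  return length * Math.log2(alphabetSize);
}
```

In a browser the returned string would be shown next to the password field so the user can copy it and let the browser's password manager store it.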