Forums / General / How can I force users to have strong passwords?

How can I force users to have strong passwords?

« 
Previous topic
|
General
|
Next topic
 »
Author Message

Hilary Boyce

Tuesday 13 November 2007 8:15:39 am

I cannot find anything on ez.no about how to ensure users select reasonably secure passwords, eg length, type of characters used. It seems to be possible to set the length if the GeneratePasswordIfEmpty setting in site.ini is set to true, but even this does not mean users cannot select their own password.

We have a site with a members area that we want to ensure is as secure as possible and we can see our members being very sloppy about passwords.

Am I missing something?

Has anyone else worked done something to solve this problem?

Heath

Tuesday 13 November 2007 8:25:15 am

Hello Hilary,

This is a wise feature request. I would urge you to file it on http://issues.ez.no

Alternatively, you may wish to modify a copy of the user module within a custom module extension to offer the the customized user/register.php to users (with your additional php code to provide for extended password validation and increased user password security).

Cheers,
Heath

Brookins Consulting | http://brookinsconsulting.com/
Certified | http://auth.ez.no/certification/verify/380350
Solutions | http://projects.ez.no/users/community/brookins_consulting
eZpedia community documentation project | http://ezpedia.org

Andre Bottin

Wednesday 29 June 2011 7:28:26 am

That request is already 4 years old! I've just done another unsuccessful search on this site for such a feature / extension, does this mean there's not one? 

EAB - Integrated Internet Success
Offices in England, France & China.
http://www.eab.co.uk http://www.eab-china.com http://www.eab-france.com

Steven E. Bailey

Wednesday 29 June 2011 9:41:55 am

I vaguely remember an extension did this... but I don't remember what it was and it could even be that it was for 3.10 or something, that memory is pretty old.

It wouldn't be that hard to do as an extension.

Certified eZPublish developer
http://ez.no/certification/verify/396111

Available for ezpublish troubleshooting, hosting and custom extension development: http://www.leidentech.com

Gabriel Finkelstein

Sunday 03 July 2011 10:55:20 am

I think you mean this one:

http://projects.ez.no/mbpaex

Steven E. Bailey

Monday 04 July 2011 7:20:18 am

@Gabriel - I think you're right.

Well, then, mbpaex doesn't do anything to ensure the password is not too easy... it just expires the passwords at a given interval.

I still don't think this would be that hard to implement.  Basically check to see that the password is not the same as the login, or a variation of the the login - i.e. login12 or nigol, then maybe check the hash against a rainbow table of dictionary words (and that should be generated with multiple interchangeable dictionaries for different languages - I would start with a dictionary of the 500 most common passwords).  Then maybe also check with a regular expression whether there is at least one of each: punctuation character, number, letter of each case.  There is already a length check built-in.

Actually, if anyone wants to pay me to write this, message me.

 

Certified eZPublish developer
http://ez.no/certification/verify/396111

Available for ezpublish troubleshooting, hosting and custom extension development: http://www.leidentech.com

eZ debug

Timing: Jan 29 2025 13:47:19
Script start
Timing: Jan 29 2025 13:47:19
Module start 'content'
Timing: Jan 29 2025 13:47:19
Module end 'content'
Timing: Jan 29 2025 13:47:19
Script end

Main resources:

Total runtime0.1468 sec
Peak memory usage2,048.0000 KB
Database Queries141

Timing points:

CheckpointStart (sec)Duration (sec)Memory at start (KB)Memory used (KB)
Script start 0.00000.0058 588.0547180.8203
Module start 'content' 0.00580.0049 768.8750101.8984
Module end 'content' 0.01070.1359 870.7734530.2500
Script end 0.1466  1,401.0234 

Time accumulators:

 Accumulator Duration (sec) Duration (%) Count Average (sec)
Ini load
Load cache0.00332.2150200.0002
Check MTime0.00130.8816200.0001
Mysql Total
Database connection0.00090.619310.0009
Mysqli_queries0.101368.99531410.0007
Looping result0.00120.82661390.0000
Template Total0.135592.410.1355
Template load0.00070.501510.0007
Template processing0.134891.833010.1348
Override
Cache load0.00050.339210.0005
Sytem overhead
Fetch class attribute can translate value0.00120.811510.0012
XML
Image XML parsing0.00020.144410.0002
General
dbfile0.00644.3513200.0003
String conversion0.00000.003430.0000
Note: percentages do not add up to 100% because some accumulators overlap

CSS/JS files loaded with "ezjscPacker" during request:

CacheTypePacklevelSourceFiles
CSS0extension/community/design/community/stylesheets/ext/jquery.autocomplete.css
extension/community_design/design/suncana/stylesheets/scrollbars.css
extension/community_design/design/suncana/stylesheets/tabs.css
extension/community_design/design/suncana/stylesheets/roadmap.css
extension/community_design/design/suncana/stylesheets/content.css
extension/community_design/design/suncana/stylesheets/star-rating.css
extension/community_design/design/suncana/stylesheets/syntax_and_custom_tags.css
extension/community_design/design/suncana/stylesheets/buttons.css
extension/community_design/design/suncana/stylesheets/tweetbox.css
extension/community_design/design/suncana/stylesheets/jquery.fancybox-1.3.4.css
extension/bcsmoothgallery/design/standard/stylesheets/magnific-popup.css
extension/sevenx/design/simple/stylesheets/star_rating.css
extension/sevenx/design/simple/stylesheets/libs/fontawesome/css/all.min.css
extension/sevenx/design/simple/stylesheets/main.v02.css
extension/sevenx/design/simple/stylesheets/main.v02.res.css
JS0extension/ezjscore/design/standard/lib/yui/3.17.2/build/yui/yui-min.js
extension/ezjscore/design/standard/javascript/jquery-3.7.0.min.js
extension/community_design/design/suncana/javascript/jquery.ui.core.min.js
extension/community_design/design/suncana/javascript/jquery.ui.widget.min.js
extension/community_design/design/suncana/javascript/jquery.easing.1.3.js
extension/community_design/design/suncana/javascript/jquery.ui.tabs.js
extension/community_design/design/suncana/javascript/jquery.hoverIntent.min.js
extension/community_design/design/suncana/javascript/jquery.popmenu.js
extension/community_design/design/suncana/javascript/jScrollPane.js
extension/community_design/design/suncana/javascript/jquery.mousewheel.js
extension/community_design/design/suncana/javascript/jquery.cycle.all.js
extension/sevenx/design/simple/javascript/jquery.scrollTo.js
extension/community_design/design/suncana/javascript/jquery.cookie.js
extension/community_design/design/suncana/javascript/ezstarrating_jquery.js
extension/community_design/design/suncana/javascript/jquery.initboxes.js
extension/community_design/design/suncana/javascript/app.js
extension/community_design/design/suncana/javascript/twitterwidget.js
extension/community_design/design/suncana/javascript/community.js
extension/community_design/design/suncana/javascript/roadmap.js
extension/community_design/design/suncana/javascript/ez.js
extension/community_design/design/suncana/javascript/ezshareevents.js
extension/sevenx/design/simple/javascript/main.js

Templates used to render the page:

UsageRequested templateTemplateTemplate loadedEditOverride
1pagelayout.tpl<No override>extension/sevenx/design/simple/templates/pagelayout.tplEdit templateOverride template
 Number of times templates used: 1
 Number of unique templates used: 1

Time used to render debug report: 0.0002 secs