How can I force users to have strong passwords?

Author Message

Hilary Boyce

Tuesday 13 November 2007 8:15:39 am

I cannot find anything on ez.no about how to ensure users select reasonably secure passwords, e.g. length, type of characters used. It seems to be possible to set the length if the GeneratePasswordIfEmpty setting in site.ini is set to true, but even this does not mean users cannot select their own password.

We have a site with a members area that we want to ensure is as secure as possible and we can see our members being very sloppy about passwords.

Am I missing something?

Has anyone else done something to solve this problem?

Heath

Tuesday 13 November 2007 8:25:15 am

Hello Hilary,

This is a wise feature request. I would urge you to file it on http://issues.ez.no

Alternatively, you may wish to modify a copy of the user module within a custom module extension to offer the customized user/register.php to users (with your additional PHP code to provide for extended password validation and increased user password security).

Cheers,
Heath

Brookins Consulting | http://brookinsconsulting.com/
Certified | http://auth.ez.no/certification/verify/380350
Solutions | http://projects.ez.no/users/community/brookins_consulting
eZpedia community documentation project | http://ezpedia.org

Andre Bottin

Wednesday 29 June 2011 7:28:26 am

That request is already 4 years old! I've just done another unsuccessful search on this site for such a feature / extension, does this mean there's not one? 

EAB - Integrated Internet Success
Offices in England, France & China.
http://www.eab.co.uk http://www.eab-china.com http://www.eab-france.com

Steven E. Bailey

Wednesday 29 June 2011 9:41:55 am

I vaguely remember an extension did this... but I don't remember what it was and it could even be that it was for 3.10 or something, that memory is pretty old.

It wouldn't be that hard to do as an extension.

Certified eZPublish developer
http://ez.no/certification/verify/396111

Available for ezpublish troubleshooting, hosting and custom extension development: http://www.leidentech.com

Gabriel Finkelstein

Sunday 03 July 2011 10:55:20 am

I think you mean this one:

http://projects.ez.no/mbpaex

Steven E. Bailey

Monday 04 July 2011 7:20:18 am

@Gabriel - I think you're right.

Well, then, mbpaex doesn't do anything to ensure the password is not too easy... it just expires the passwords at a given interval.

I still don't think this would be that hard to implement. Basically check to see that the password is not the same as the login, or a variation of the login - i.e. login12 or nigol, then maybe check the hash against a rainbow table of dictionary words (and that should be generated with multiple interchangeable dictionaries for different languages - I would start with a dictionary of the 500 most common passwords). Then maybe also check with a regular expression whether there is at least one of each: punctuation character, number, letter of each case. There is already a length check built-in.

Actually, if anyone wants to pay me to write this, message me.

 

Certified eZPublish developer
http://ez.no/certification/verify/396111

Available for ezpublish troubleshooting, hosting and custom extension development: http://www.leidentech.com
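
The checks listed in the post above, sketched as an added example that is not part of the original thread, eZ Publish or mbpaex. The function names, the minimum length of 10 and the four-entry word list are assumptions, and because the plaintext is available at registration time the sketch compares it directly against a word list instead of comparing hashes against a rainbow table.

```php
<?php
// Added example: hypothetical helpers, not eZ Publish API.

/** Lowercase and keep letters only, so "J.Smith12" becomes "jsmith". */
function normalizeForCompare(string $s): string
{
    return preg_replace('/[^a-z]/', '', strtolower($s));
}

/** Returns the reasons a password is rejected; an empty array means it passed. */
function checkPasswordStrength(string $login, string $password,
                               array $commonPasswords, int $minLength = 10): array
{
    $errors = [];
    if (strlen($password) < $minLength) {
        $errors[] = "shorter than $minLength characters";
    }
    // Login-derived: contains the login or its reverse once digits and
    // punctuation are stripped (covers "login12" and "nigol").
    $l = normalizeForCompare($login);
    $p = normalizeForCompare($password);
    if (strlen($l) >= 3 &&
        (strpos($p, $l) !== false || strpos($p, strrev($l)) !== false)) {
        $errors[] = 'derived from the login';
    }
    // Word list check, case-insensitive. One list per language can be merged here.
    if (in_array(strtolower($password), $commonPasswords, true)) {
        $errors[] = 'on the common password list';
    }
    // At least one character of each class.
    $classes = [
        'a lowercase letter'      => '/[a-z]/',
        'an uppercase letter'     => '/[A-Z]/',
        'a digit'                 => '/[0-9]/',
        'a punctuation character' => '/[[:punct:]]/',
    ];
    foreach ($classes as $label => $regex) {
        if (!preg_match($regex, $password)) {
            $errors[] = "missing $label";
        }
    }
    return $errors;
}

// Constructed sample data: login "jsmith" and a tiny stand-in word list.
$common = ['password', '123456', 'qwerty', 'letmein'];
foreach (['jsmith12', 'htimsj!A9zz', 'Qwerty', 'T4ble-Lamp-Orbit'] as $candidate) {
    $errors = checkPasswordStrength('jsmith', $candidate, $common);
    echo $candidate, ': ', $errors ? implode('; ', $errors) : 'ok', PHP_EOL;
}
```

A check like this would run server-side in the customized registration and password-change handlers, since any client-side validation can be bypassed.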
