
Password Strength

Description

Background: See Slack discussion from 19-Feb in #help.

Current password requirements appear to be:

  • size must be between 8 and 16

  • must contain at least 1 number

  • must not contain spaces

The recommendation would be to adhere to the latest NIST guidelines from Special Publication 800-63.

Additional advice can be found from respected security experts/developers such as Troy Hunt and Jeff Atwood. A summary conclusion is that, given current attack vectors for determining passwords, length is the most important deterrent, and dropping special character requirements increases the probability of a user being able to memorize a password (and thus not write it down on a physical medium).

Status

Assignee

Unassigned

Reporter

Alan Ivey

Components

Affects versions

3.5

Priority

Minor
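
The following is an added example, not part of the original issue or the project's code. It runs the three rules listed in the description beside a length-first check in the style of NIST SP 800-63B. The function names, the `MIN_LEN`/`MAX_LEN` values and the tiny blocklist are assumptions made for illustration.

```python
import unicodedata

# Constructed sample blocklist; a real deployment would load a large
# corpus of common and previously breached passwords instead.
BLOCKLIST = {"password", "password1", "12345678", "qwertyuiop"}

MIN_LEN = 8   # assumption: SP 800-63B minimum for user-chosen secrets
MAX_LEN = 64  # assumption: example cap; 800-63B asks to permit at least 64


def current_policy(pw: str) -> list[str]:
    """Rules as listed in the issue: 8-16 chars, >=1 digit, no spaces."""
    errors = []
    if not 8 <= len(pw) <= 16:
        errors.append("size must be between 8 and 16")
    if not any(c.isdigit() for c in pw):
        errors.append("must contain at least 1 number")
    if " " in pw:
        errors.append("must not contain spaces")
    return errors


def length_first_policy(pw: str, blocklist=BLOCKLIST) -> list[str]:
    """Hypothetical replacement: length plus blocklist, no composition rules."""
    # Normalize so visually identical Unicode input compares consistently.
    pw = unicodedata.normalize("NFKC", pw)
    errors = []
    if len(pw) < MIN_LEN:
        errors.append(f"must be at least {MIN_LEN} characters")
    if len(pw) > MAX_LEN:
        errors.append(f"must be at most {MAX_LEN} characters")
    # Spaces and any character class are allowed; only known-bad values fail.
    if pw.casefold() in blocklist:
        errors.append("appears in a list of common or breached passwords")
    return errors


def compare(pw: str) -> dict[str, list[str]]:
    """Return the errors each policy reports for the same candidate."""
    return {"current": current_policy(pw), "proposed": length_first_policy(pw)}


if __name__ == "__main__":
    # Constructed candidates: a long passphrase, a weak-but-compliant
    # password, and one that is too short under both policies.
    for sample in ["correct horse battery staple", "Password1", "short1"]:
        print(repr(sample), compare(sample))
```

The passphrase fails all three current rules while the proposed check accepts it, and `Password1` passes the current rules but is caught by the blocklist.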