Stronger passwords

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • partomas
    Active Community Member
    • Sep 2018
    • 331

    Stronger passwords

    Hello i have two requests:
    1. the ability to set mandatory passwords with spec characters, not only numbers and letters as it is now.
    2. To enable control if users password fits pasw requirements and if no, to force upgrade password.

    It's important for bigger amount of regular and portal users management.
  • yuri
    Member
    • Mar 2014
    • 8440

    #2
    Hi,

    > To enable control if users password fits pasw requirements and if no, to force upgrade password.

    I think this is not feasible for two reasons.

    1. It's not possible to know which characters are in a stored password as it's hashed.
    2. Storing information about a password is not good for security. For example, the database is stolen. Find out which passwords are weak. Try to brute force them first.
    If you find EspoCRM good, we would greatly appreciate if you could give the project a star on GitHub. We believe our work truly deserves more recognition. Thanks.

    Comment

    • yuri
      Member
      • Mar 2014
      • 8440

      #3
      Note that password length is more important than complexity. You can also consider increasing the min. password length. Also it's highly recommended to force regular users to set up 2FA.
      If you find EspoCRM good, we would greatly appreciate if you could give the project a star on GitHub. We believe our work truly deserves more recognition. Thanks.

      Comment

      • partomas
        Active Community Member
        • Sep 2018
        • 331

        #4
        Originally posted by yuri
        Note that password length is more important than complexity. You can also consider increasing the min. password length. Also it's highly recommended to force regular users to set up 2FA.
        Yes, I know, but in our ISO requirements there are rule that all passwords should include specific characters and I have no way how to implement that requirement.

        Comment

        • partomas
          Active Community Member
          • Sep 2018
          • 331

          #5
          And one more thing to the same topic, the "frequency of password change" setting is needed to ensure the users at least once a yer would change their credentials to new one.

          Comment

          • yuri
            Member
            • Mar 2014
            • 8440

            #6
            Mandatory special characters will be available in v9.0.
            If you find EspoCRM good, we would greatly appreciate if you could give the project a star on GitHub. We believe our work truly deserves more recognition. Thanks.

            Comment

            Working...