Stronger passwords

  • Stronger passwords

    Hello, I have two requests:
    1. The ability to set mandatory passwords with special characters, not only numbers and letters as it is now.
    2. To enable control of whether a user's password fits the password requirements and, if not, to force a password upgrade.

    It's important for managing a larger number of regular and portal users.

  • #2
    Hi,

    > To enable control of whether a user's password fits the password requirements and, if not, to force a password upgrade.

    I think this is not feasible for two reasons.

    1. It's not possible to know which characters are in a stored password as it's hashed.
    2. Storing information about a password is not good for security. For example, the database is stolen. Find out which passwords are weak. Try to brute force them first.
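
Added example, not part of the thread and not the product's own code: a stored record holds only a salt and a digest, so the character-class rule can be evaluated only where the plaintext is present, either when the password is set or in memory at a successful login. `MIN_LENGTH`, the PBKDF2 parameters and all function names are assumptions for illustration.

```python
import hashlib
import hmac
import os
import string

MIN_LENGTH = 12            # assumed policy value, not taken from the thread
ITERATIONS = 600_000       # assumed PBKDF2-HMAC-SHA256 work factor
SPECIALS = set(string.punctuation)

def policy_violations(password: str) -> list[str]:
    """Return the rules a plaintext password breaks (empty list = compliant)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too_short")
    if not any(c.isalpha() for c in password):
        problems.append("no_letter")
    if not any(c.isdigit() for c in password):
        problems.append("no_digit")
    if not any(c in SPECIALS for c in password):
        problems.append("no_special")
    return problems

def hash_password(password: str) -> dict:
    """Stored record: salt and digest only, nothing describing the content."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt.hex(), "hash": digest.hex()}

def set_password(password: str) -> dict:
    """Enforce the policy when the password is chosen, before hashing."""
    problems = policy_violations(password)
    if problems:
        raise ValueError("password rejected: " + ", ".join(problems))
    return hash_password(password)

def login(record: dict, candidate: str) -> tuple[bool, bool]:
    """Return (authenticated, must_change).

    The policy result is computed from the plaintext in memory and is not
    written back to the record, so a stolen database does not mark weak accounts.
    """
    salt = bytes.fromhex(record["salt"])
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, ITERATIONS)
    if not hmac.compare_digest(digest.hex(), record["hash"]):
        return (False, False)
    return (True, bool(policy_violations(candidate)))
```
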

    • #3
      Note that password length is more important than complexity. You can also consider increasing the min. password length. Also it's highly recommended to force regular users to set up 2FA.

      • #4
        Originally posted by yuri
        > Note that password length is more important than complexity. You can also consider increasing the min. password length. Also it's highly recommended to force regular users to set up 2FA.

        Yes, I know, but in our ISO requirements there is a rule that all passwords should include specific characters, and I have no way to implement that requirement.

        • #5
          And one more thing on the same topic: the "frequency of password change" setting is needed to ensure that users change their credentials to new ones at least once a year.
