View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 3648 | Composr | core_cns | public | 2018-07-30 10:47 | 2019-11-16 02:39 |
| Reporter | Chris Graham | Assigned To | Chris Graham | ||
| Priority | normal | Severity | feature | ||
| Status | resolved | Resolution | fixed | ||
| Summary | 3648: Score passwords that contain the username lower | ||||
| Description | If a password contains the username, discount all those letters from the scoring algorithm. Therefore the password may not hit the score threshold configured. | ||||
| Tags | Good for training, Type: Security | ||||
| Attach Tags | |||||
| Time estimation (hours) | 0.5 | ||||
| Sponsorship open | 0 | ||||
|
|
Also consider doing the same for the DOB year, and the start of the email address. |
|
|
Here are some nice guidelines on assessing password strength, which we could largely adopt (NIST): https://specopssoft.com/blog/nist-password-compliance/ |
|
|
This should be unit tested. |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2018-07-30 10:47 | Chris Graham | New Issue | |
| 2018-07-30 10:48 | Chris Graham | Note Added: 0005779 | |
| 2018-07-30 10:48 | Chris Graham | Tag Attached: Type: Security | |
| 2019-06-27 19:55 | Chris Graham | Tag Attached: Good for training | |
| 2019-11-02 01:58 | Chris Graham | Note Added: 0006139 | |
| 2019-11-15 22:04 | Chris Graham | Note Added: 0006154 | |
| 2019-11-16 02:39 | Chris Graham | Assigned To | => Chris Graham |
| 2019-11-16 02:39 | Chris Graham | Status | Not Assigned => Resolved |
| 2019-11-16 02:39 | Chris Graham | Resolution | open => fixed |
