Skip to main content

Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

    •  
      request #10500 Remove default password composition rule
    Actions
    Infos
    #10500
    Thomas Gerbet (tgerbet)
    2017-07-31 08:41
    2017-07-26 18:02
    10745
    Details
    Remove default password composition rule
    Tuleap comes with a default composition rule for password forcing the users to have at least a number in their password.

    These composition rules are now proven to be counter productive, users do not make stronger password because of them and they are annoying (yes, my password of 64 random letters is more secure than my password composed of 8 letters and digits).

    References:
    NIST’s Digital Identity Guidelines: https://www.nist.gov/itl/tig/special-publication-800-63-3
    Microsoft Password Guidance: https://www.microsoft.com/en-us/research/wp-content/uploads/2016/06/Microsoft_Password_Guidance-1.pdf [PDF]
    Other
    All
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Empty
    Closed
    2017-07-27
    Attachments
    Artifact links

    Releases

    Fixed in

    Artifact ID Project Tracker Summary Status Last Update Date Submitted By Assigned to
    rel #10478 Tuleap Releases 9.11 Delivered 2017-08-18 11:11 Manuel Vacelet (vaceletm)
    Empty
    References
    Referencing request #10500

    Git commit

    tuleap/tuleap/stable

    Merge commit 'refs/changes/71/9071/1' of ssh://gerrit.tuleap.net:29418/tuleap into HEAD 302b66a755
    User avatar Marie Ange Garnier (marieange) , 2017-07-27 17:23
    request #10500: Remove default password composition rule ad5a5e973f
    User avatar Thomas Gerbet (tgerbet) , 2017-07-26 18:13
    Referenced by request #10500

    Artifact Tracker v5

    rel #10478 9.11

    Other

    gerrit #9071
    Display settings

    Follow-ups