IPB4 suggestion - Password Policy

[Alcatravision]

That would be really great if we could setup a password policy for the registration process.

http://en.wikipedia.org/wiki/Password_policy#Password_length_and_formation

Like constraints on the password length and formation.

It would be great to have that in the core settings.

[Lindy]

I'm unsure if that could be worked into IPS 4.0 at this juncture, but I like the idea personally and it's definitely something to consider for the future.

[Makoto]

Similar to what I suggested February of last year,

'?do=embed' frameborder='0' data-embedContent>>

Would certainly be nice to see improvements in this area. I still think the default 3 character requirement for passwords is pretty terrible. I understand some people may not appreciate having the industry standard 8 - 12 minimum character length forced on them, but I don't think there's any real excuse for using a password <6 characters in length, I still think that would be a good compromise for the default.

Then of course adding settings to allow the administrator to tune these requirements would certainly be a major improvement.

[Rimi]

Similar to what I suggested February of last year,
?do=embed' frameborder='0' data-embedContent>

Would certainly be nice to see improvements in this area. I still think the default 3 character requirement for passwords is pretty terrible. I understand some people may not appreciate having the industry standard 8 - 12 minimum character length forced on them, but I don't think there's any real excuse for using a password <6 characters in length, I still think that would be a good compromise for the default.

Then of course adding settings to allow the administrator to tune these requirements would certainly be a major improvement.

Sometimes I join sites just to ask a quick question or post something stupid. I always use the password "123456" cuz I just don't care about those sites. You're saying you want me to make it "12345678"? Or stick some letters in there? No. Unacceptable. Don't you dare.

[Makoto]

Sometimes I join sites just to ask a quick question or post something stupid. I always use the password "123456" cuz I just don't care about those sites. You're saying you want me to make it "12345678"? Or stick some letters in there? No. Unacceptable. Don't you dare.

If I had it my way, I'd probably pass all registrations through cracklib or something similar to deny from list of common ridiculously insecure passwords like that in addition to what's being suggested here.

For misc. sites I don't care about, I have one common/generic password I use. My other passwords are tiered depending on the sensitivity of the account. It makes my life easier and still keeps me reasonably secure online.

[Rimi]

If I had it my way, I'd probably pass all registrations through cracklib or something similar to deny from list of common ridiculously insecure passwords like that in addition to what's being suggested here.

For misc. sites I don't care about, I have one common/generic password I use. My other passwords are tiered depending on the sensitivity of the account. It makes my life easier and still keeps me reasonably secure online.

Am I the only one here who uses the same password for everything?

[Makoto]

Am I the only one here who uses the same password for everything?

No. I just hope you don't do any online banking.

[Rimi]

No. I just hope you don't do any online banking.

Admittedly those passwords and my server crap are all special circumstances and deserve better passwords. But we're talking about forums here.

[opentype]

Am I the only one here who uses the same password for everything?

Wow, I hope so.

Until recently I had a clever system, in which I derived a unique password from the URL of the site. The resulting password was gibberish to anybody else but me and unique on every site. So there was nothing I had to remember.

Now I just use 1Password and my passwords are so strong, even I don't know them anymore. :-)

[Makoto]

I use Linux and have a GPG encrypted password wallet that stores my everyday passwords, but I still try and keep all of mine memorized.

[media]

That would be really great if we could setup a password policy for the registration process.

http://en.wikipedia.org/wiki/Password_policy#Password_length_and_formation

Like constraints on the password length and formation.

It would be great to have that in the core settings.

I like the idea... Second this... :)

[Adriano Faria]

Something like this hook:

[rct2·com]

I lay claim to the first request for this in 2007! Anybody care to try and beat that? ;)

'?do=embed' frameborder='0' data-embedContent>>

So Lindy, 6 and a half years notice not long enough for you? (w00t)

They might be 'only forums' Rimi, but they include my email address, date of birth, Paypal details (in Marketplace), private conversations, ... Password cracking also allows people to impersonate me, share things on Facebook, ... I treat my passwords on forums as seriously as any others.

(I use Password Safe to randomise and track my passwords)

[elonegenio]

Gosh, if we are allowed to dream of something for password protection, how about some biometrics to really give IPS the "WOW" factor ! For boards that have subscriptions this would eliminate the sharing of passwords to bypass paying for access.

[rct2·com]

Is this where I reach for the wood glue? ;)

[Aiwa]