Skip to content
Permalink
Browse files

EZP-30316: Increase default minimum password length (legacy) (#1423)

  • Loading branch information...
glye committed Apr 2, 2019
1 parent 99a1ea6 commit 61afb984b9d0d490b4db102a2b4055a0476d0d12
Showing with 11 additions and 2 deletions.
  1. +9 −0 doc/bc/5.90/password_length.md
  2. +2 −2 settings/site.ini
@@ -0,0 +1,9 @@
# Default password length requirement changes

For first v2019 release, the default password length requirement has been increased to 10 characters. Existing passwords that are shorter than this will continue to work, but when creating new passwords the new requirement must be fulfilled.

The default password of the Admin user is not changed. But you must of course change it before going live with a new project, and when you do, the new rule comes into effect.

The length of autogenerated passwords has also been increased, to 16 characters.

These defaults can be changed in site.ini [UserSettings], see MinPasswordLength and GeneratePasswordLength.
@@ -498,11 +498,11 @@ TrustedIPList[]
ShowMessageIfExceeded=false

# Minimum password length
MinPasswordLength=3
MinPasswordLength=10
# If true it will automatically generate a password if it is empty
# and email it to the user.
GeneratePasswordIfEmpty=true
GeneratePasswordLength=6
GeneratePasswordLength=16
# The ID of the anonymous user, this user will
# be used for everyone who is not logged in.
AnonymousUserID=10

0 comments on commit 61afb98

Please sign in to comment.
You can’t perform that action at this time.