You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
As a Super User, I want to force all users to use strong, secure passwords for their Matomo account.
This is important as it will help increase the security of the data stored in Matomo.
By ensuring that all users have strong passwords, and that they are forced to set a strong password.
A new General setting, "Force all users to set a strong, secure password. " (<- confirm wording + inline help microcopy)
where to put the setting? Ideally we would merge "Login" and "TwoFactorAuth" sections (in "General settings" page) into one section "Login & Security" that would have all settings nicely in one section?
By default, we should use an existing/standard set of strong password checks.
How much do we let super users customise the password policy details (number of min chars, etc. etc.)?
Here is what it looks like in discourse, which would be a great place to start:
Here is the text version:
min password length
Minimum password length.
min admin password length
Minimum password length for Admin.
password unique characters
Minimum number of unique characters that a password must have.
block common passwords
Don't allow passwords that are in the 10,000 most common passwords.
The text was updated successfully, but these errors were encountered:
For new feature suggestions that for example enhance Matomo's cabapilities..
For issues that make Matomo more secure. Please report issues through HackerOne and not in Github.
Nov 7, 2022