Add strength policy for the password #56
Comments
|
Hey team! Please add your planning poker estimate with ZenHub @elias-ba @stuartc |
|
@stuartc @amberrignell what's the acceptance criteria of this issue ? Is it only "It should be at least 8 characters long" or do you have other ideas about rules to validate the password ? |
|
yep thats it for now, after discussing it before the story we don't want to make security assumptions (passed 8 chars) for now. |
|
Great, thanks for confirming. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
As a user concerned about security, I want to ensure all users have strong/secure passwords.
It should be at least 8 characters long.
Here is an interesting article from Microsoft around password policies: https://docs.microsoft.com/en-us/microsoft-365/admin/misc/password-policy-recommendations?view=o365-worldwide
They claim that overly strict policies have negative effects as users work around them using repetition or easy to guess replacements (
ato@,i|lto!).Preferred mechanisms to support security is common word dictionaries and 2FA.
The text was updated successfully, but these errors were encountered: