Web based family history software

Question Passwords for all user (min. requirements)

6 years 10 months ago #1 by mbeerli
The data as you know is sensitive to some admins and users.
So as admin I would like to enforce stronger passwords than 6 chars.

As an example:
these are the options from my Synology unit. (see attachment)
The password expiration is a total bonus, so not needed in the beginning.

But to enforce stronger passwords should be a must have. :) What I mean is it would be great to have.

webtrees 2.1.6, PHP Version 8.1.7, MySQL 5.6.51

6 years 10 months ago - 6 years 10 months ago #2 by apn
Hi,

Increasing the password complexity will not protect against brute force attacks.
Attacks will just need to be longer in order to be able to hack more complex passwords.
If you're not analysing your access/error logs to detect such attacks, then increasing complexity of passwords is quite useless.

What you should investigate instead is implementing a fail2ban filter at server level or implementing dual factor authentication (i.e. via Google Authenticator code).

My $.02.

Kind regards,
a.

webtrees 1.7.11 at genealogie.deprelledelanieppe.be
FreeBSD 11.2-RELEASE-p4, nginx-1.14.1, apache24-2.4.37, php72-7.2.11, mariadb101-server-10.3.10
Intel(R) Core(TM) i5-3570S CPU @ 3.10GHz 4 cores / 16GB RAM
Last edit: 6 years 10 months ago by apn. Reason: typo
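
The kind of log check a fail2ban filter automates, as an added example that is not part of the thread or of webtrees: it counts failed logins per client in a sliding window, with parameters that mirror fail2ban's `maxretry` and `findtime`. The `/login` path, the 401 status for a failed attempt and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumption: login POSTs go to /login and a failed attempt is logged with
# HTTP 401. Adjust the pattern to what your application really logs.
FAILED_LOGIN = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "POST /login[ ?][^"]*" 401 ')

def find_offenders(lines, max_retry=5, find_time=600):
    """Return {ip: time of the attempt that reached max_retry failures
    inside a sliding window of find_time seconds}."""
    window = timedelta(seconds=find_time)
    recent = defaultdict(deque)    # ip -> timestamps of recent failures
    offenders = {}
    for line in lines:
        m = FAILED_LOGIN.match(line)
        if not m:
            continue               # not a failed login: ignore
        ip = m["ip"]
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= max_retry and ip not in offenders:
            offenders[ip] = ts
    return offenders

def _line(ip, hhmmss, status=401):
    # Builds one constructed nginx "combined" log line for the sample below.
    return (f'{ip} - - [12/Jul/2022:{hhmmss} +0000] '
            f'"POST /login HTTP/1.1" {status} 512 "-" "Mozilla/5.0"')

# Constructed sample data (documentation IP ranges), not from the thread.
SAMPLE = (
    # fast guessing: 5 failures in 40 seconds
    [_line("203.0.113.7", f"10:00:{s:02d}") for s in (1, 11, 21, 31, 41)]
    # slow guessing: 5 failures, 15 minutes apart, never 5 inside one window
    + [_line("198.51.100.4", t) for t in
       ("10:00:00", "10:15:00", "10:30:00", "10:45:00", "11:00:00")]
    # a user who mistypes twice and then logs in
    + [_line("192.0.2.10", "10:05:00"), _line("192.0.2.10", "10:05:20"),
       _line("192.0.2.10", "10:05:40", status=302)]
)

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE).items():
        print(f"ban {ip}: 5th failed login at {when.isoformat()}")
```

With the default settings only the fast client is flagged; the slow one stays under the threshold until `find_time` is widened, so rate-based banning and a longer minimum password length cover different cases.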

6 years 10 months ago #3 by fisharebest
Replied by fisharebest on topic Passwords for all user (min. requirements)
> So as admin I would like to enforce stronger passwords than 6 chars.

You will need to modify the code.

1) In include/session.php, look for:
define('WT_MINIMUM_PASSWORD_LENGTH', 6);
This is used to validate the new password.

2) The "help text" (sadly) has a hard-coded length: "Passwords must be at least 6 characters long and are case-sensitive, so that “secret” is different from “SECRET”.".

You would need to create a custom translation to change 6 to a different number.

Greg Roach - greg@subaqua.co.uk - @fisharebest@phpc.social - fisharebest.webtrees.net
