Password strength
In create account page you have add password, but if you using google recaptch isn't is wiser to lower password strength reqs.? I had at least one capital and one small letter and special key and a number. Now I am thinking about at least 6 chars of anything.
-
- · Baloo
- ·
Am a little agree with you Hodor, many of my members make this remark it is worse than my bank here ...
-
-
·
Alex T⚜️
- ·
It's possible to change it via Studio > Developer > Forms > Fields > System > Create Account > edit "Password" field > change Regular Expression to something like this:
/^.{8,}$/
Also you will need to change translation for _sys_form_account_input_password_error language key
-
·
Alex T⚜️
-
- · Baloo
-
·
In reply to Alex T⚜️
- ·
Thank you Alex, but what does this expression mean? 8 is the number of characters required?
-
- · Hodor Hodor
- ·
Yes. And ^.{6,8}$ is min 6 and max 8
-
- · Baloo
-
·
In reply to Hodor Hodor
- ·
Thanks Hodor
-
Is there a place to change the outgoing pregenerated password when they request a reset?
I would like it to just be alphanumeric or even simpler.
-
-
·
LeonidS
- ·
Hello Andy@Stitchtalk.com !
This part depends on genRndPwd function (inc/utils.inc.php - the file where it was declared) and method protected function generateUserNewPwd($iAccountId) (template/scripts/BxBaseServiceAccount.php - the file where it is called). So you may change the code there. But better to redeclare generateUserNewPwd in your current template script like for Protean it would be modules\boonex\protean\data\template\system\scripts\BxTemplServiceAccount.php
-
·
LeonidS
-
I'm hosted in on una cloud-4 and I can't get to any of that. Is this something you can change for me?
I would just like only alphanumeric A-Z a-z 0-9 no symbols
-
We can change it for you, since it's very minor modification, but it's better to ask your users to change autogenerated password to their own.
Also why you want to change autogenerated password to be alphanumeric only ?
-
This is why :D
-
I got my first computer when I was 14, these ladies were using type writers. They don't copy and paste. They will literally try to read it and type the password. Most of them are on mobile or tablets too.
Also, if they are savvy enough to copy and paste these passwords are a pain in the butt. You can't double click on them.I just pulled these out of mandrill and you can see the difference right away.
OLD:
New:
and as far as "security" goes. These examples are actual passwords that were just assigned by my site today, but they are completely useless to anyone on here because you don't know who's email is being used. I've set the lock out to 12 attempts. Good luck! :D
-
-
·
Alex T⚜️
- ·
Thank you for the explanation, we'll change it in the next update - https://github.com/unaio/una/issues/2013
-
·
Alex T⚜️