[#1887] - [#31912] Generated passwords - longer and with special characters
- Closed
- 4 Mar 2014
- Medium
- Build: master
- # 1887
- Diff
- lszeremeta:master
- Foreign ID 31912
- Error This pull request is targeted at the master branch. Pull requests should no longer be merged to master.
User tests: Successful: Unsuccessful:
By default, the generated password in Joomla! to 8 characters without any special characters (eg. $,%, @).
I suggest some improvement in security by default generate a 10-character password with special characters.
I applied a patch on Github.
Before sharing patch, it has been tested by me on the latest current version of Joomla 2.5 and 3 branches.
Test Procedure:
1 Create a new user account leaving the password field blank (send e-mail passwords must be enabled).
2 The generated password will not have any special characters - only letters and numbers.
and
- Change password for @% + \ / '! # $ ^?:. () {} [] ~-_
- Verify that you can log on.
http://joomlacode.org/gf/project/joomla/tracker/?action=TrackerItemEdit&tracker_item_id=31912
brianteeman
- | Status | New | ⇒ | Closed |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2014-03-04 20:22:01 |
The original, failed bcrypt PR proposed to have a 16 char random password. In theory I would agree with you that a longer password is better, but we have 2 issues here:
Anyway, due to this PR changing the current API, I'd like to request to reject this PR.
And with the words of Cato the Elder: Ceterum censeo Joomlacode esse delendam (I believe that Joomlacode has to be destroyed. ;-) )