View Issue Details

IDProjectCategoryView StatusLast Update
0003648Composrcore_cnspublic2019-11-16 02:39
ReporterChris GrahamAssigned ToChris Graham 
Status resolvedResolutionfixed 
Product Version 
Fixed in Version 
Summary0003648: Score passwords that contain the username lower
DescriptionIf a password contains the username, discount all those letters from the scoring algorithm. Therefore the password may not hit the score threshold configured.
TagsGood for training, Type: Security
Attach Tags
Time estimation (hours)0.5
Sponsorship open0


Chris Graham

2018-07-30 10:48

administrator   ~0005779

Also consider doing the same for the DOB year, and the start of the email address.

Chris Graham

2019-11-02 01:58

administrator   ~0006139

Here are some nice guidelines on assessing password strength, which we could largely adopt (NIST):

Chris Graham

2019-11-15 22:04

administrator   ~0006154

This should be unit tested.

Issue History

Date Modified Username Field Change
2018-07-30 10:47 Chris Graham New Issue
2018-07-30 10:48 Chris Graham Note Added: 0005779
2018-07-30 10:48 Chris Graham Tag Attached: Type: Security
2019-06-27 19:55 Chris Graham Tag Attached: Good for training
2019-11-02 01:58 Chris Graham Note Added: 0006139
2019-11-15 22:04 Chris Graham Note Added: 0006154
2019-11-16 02:39 Chris Graham Assigned To => Chris Graham
2019-11-16 02:39 Chris Graham Status non-assigned => resolved
2019-11-16 02:39 Chris Graham Resolution open => fixed