🚀 Feature Request
It should be possible to configure a password policy for accounts (login functionality).
🔈 Motivation
Hi, I'm using the login functionality on my password pusher instance.
I noticed that there is no configurable password policy.
In the current version, the only requirement is a minimum length of 6 characters, which is not enough.
Access to a passwordpusher account must be secure, as it gives access to all the user's pushes.
I suggest adding a few configurable parameters to ensure users configure a strong password when creating an account, modifying a password, or resetting a password.
For example:
PWP__PWDPOLICY__UPPER-CASE
PWP__PWDPOLICY__LOWER-CASE
PWP__PWDPOLICY__NUMBER
PWP__PWDPOLICY__SYMBOL
PWP__PWDPOLICY__MIN-LENGTH
PWP__PWDPOLICY__MAX-LENGTH
In addition, it might also be interesting to add a parameter to set the maximum password age:
PWP__PWDPOLICY__MAX-AGE (Days)
When the password expires, the user is forced to change it the next time he logs on.
🛰 Alternatives
It's not so much an alternative, but rather a remedy.
It would be good to specify in the documentation that the implementation of fail2ban can be a good solution to protect passwordpusher from brute force attacks. Or to implement protection against such attacks in password pusher.
Perhaps this mechanism is already in place?
In any case, thank you for all your hard work, and thanks in advance for all your help.
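A sketch of how the settings proposed in this request could be enforced, added here as an illustration; it is not Password Pusher code and not written by the issue author. The `PWP__PWDPOLICY__*` names are the ones proposed above, not existing settings, and their semantics ("true" flags for character classes, integers for lengths and days, a fallback maximum of 128) are assumptions.

```ruby
require "date"

# Hypothetical checker for the proposed PWP__PWDPOLICY__* settings.
class PasswordPolicy
  PREFIX = "PWP__PWDPOLICY__"
  # Character classes a password can be required to contain (assumed semantics).
  CLASSES = {
    "UPPER-CASE" => /\p{Upper}/,
    "LOWER-CASE" => /\p{Lower}/,
    "NUMBER"     => /\p{Digit}/,
    "SYMBOL"     => /[^\p{Alnum}\s]/
  }.freeze

  # env is any Hash-like source of settings; ENV is used when none is given.
  def initialize(env = ENV)
    @required = CLASSES.select { |key, _| env[PREFIX + key].to_s.downcase == "true" }
    # 6 is the current minimum stated in the issue; 128 is an assumed fallback.
    @min = Integer(env.fetch(PREFIX + "MIN-LENGTH", "6"))
    @max = Integer(env.fetch(PREFIX + "MAX-LENGTH", "128"))
    @max_age = env[PREFIX + "MAX-AGE"]&.then { |days| Integer(days) }
    raise ArgumentError, "MIN-LENGTH exceeds MAX-LENGTH" if @min > @max
  end

  # Returns the names of the violated settings; an empty list means accepted.
  def violations(password)
    errors = []
    errors << "MIN-LENGTH" if password.length < @min
    errors << "MAX-LENGTH" if password.length > @max
    @required.each { |key, pattern| errors << key unless password.match?(pattern) }
    errors
  end

  # True when MAX-AGE is set and the last change is more than that many days old.
  def expired?(changed_on, today = Date.today)
    !@max_age.nil? && (today - changed_on).to_i > @max_age
  end
end

# Constructed sample configuration, not taken from a real deployment.
SAMPLE_ENV = {
  "PWP__PWDPOLICY__UPPER-CASE" => "true",
  "PWP__PWDPOLICY__NUMBER"     => "true",
  "PWP__PWDPOLICY__SYMBOL"     => "true",
  "PWP__PWDPOLICY__MIN-LENGTH" => "12",
  "PWP__PWDPOLICY__MAX-AGE"    => "90"
}.freeze

policy = PasswordPolicy.new(SAMPLE_ENV)
p policy.violations("secret")
p policy.expired?(Date.new(2024, 1, 1), Date.new(2024, 4, 1))
```

Returning the names of the violated settings lets a sign-up, change or reset form tell the user which rule failed instead of a generic rejection.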