|
Password Security
Password Security
Description This Hack allows you to enforce your members to use safe(r) Passwords:
Details 1 Product XML (2 Plugins, 14 Phrases, 2 Settings) 2 Template Edits History 1.0.0 Initial Version 1.0.1 Fixed problem with multiple Datamanager 1.0.2 Changed code to ignore automatically created weak passwords |
first reply... GNI!
request for future: can this hack be modified to be using AJAX for the verif, instead of javascript plain ?! thanks for this... greatly appreciate! |
o0o Very nice!
|
@nexialys
Nope. That would mean having to transfer plaintext Passwords which is a no-no. |
great hack :)
|
cool, we'll definately need this when we get to 3.5
THANKS for doing this so in preventing the use of screename as password, which, if any, of these does it prevent?
Also, are there rules for the word list or is the list just matched verbatim (or perhaps case insensitive)? All we need do with the list is just add a table with the words, yes? |
Quote:
|
Currently there is no way to add any at all ;)
@bulbasnore None, as they are all different from your Username |
Awe... :( I was looking forward to being bored and adding to it :(
|
Great Hack, Well done :)
|
how will this mod effect someone using password retrival? will it give them a pass not within the critera and then not work?
|
Doesn't have any effect on password reset, only on passwords the user does chose.
|
so if they do pass retrival and it doesnt follow the criteria I set, does that mean once they login with the new it will force them to change it?
|
No. As said, it does not have any effect on system generated passwords.
But that's a good point, I hack to think about it if there is smth, that could be done. |
when the product is enabled and you try to use the Update User Titles and Ranks function the following error is made (i removed the actual paths for this post):
Quote:
|
Wrap function verify_password_secure if
PHP Code:
|
Never Mind
|
Quote:
|
sound good dude
|
This hack appears to interfere with users ability to reset their password should they forget it. I'll have to disable it for now. :(
|
Can you give a little more information about how it does interfere?
That would be useful ... |
It does indeed interfer with resetting of passwords.
Enter email address to reset password. Click on link sent to email address to reset password. Vbulletin comes up with an error: The Password you have choosen is not considered strong enough. Please make sure that you are using at least 2 different character Classes (Uppercase Characters, Lowercase Characters, Numbers or other Characters). I see from the link that the password is all numbers and hence will not allow me to reset. |
anybody going to sort this?
|
Quote:
|
This is a great mod if the above mentioned problems are fixed (I have not confirmed that they exist, but it seems likely).
Please any update? Thanks -vissa |
Quote:
seems updated 27 jan |
nice one
/me will be installing this soon |
Hi Andreas
I installed it. It is useful but I think it need more user-friendly guide. For example, it should show the register a meter of the strength of his password typing. You can see an example of it when you register hotmail. May you tell me how to add words into word list. Thank you Anyway this hack is very good to install, I really appreciate. Thank you, Andreas |
thanz bro, this mods's so great :)
|
I have installed it in VB 3.6.0 and it's working great, thanks.
|
I would like this for just my mods smods and admins is there anyway to set this for just them and not anyone else?
also is this working for vb 3.6.4? and has anyone got the word list yet? Thanks. |
It's working for vb 3.6.4
If there's any interest in a TMS-Product, please send me a pm :-) |
Hey Andreas,
I am now having a problem with this in 3.6.4. Initially I set the password to expire in 90 days for all users . Now 90 days have passed and the password is expired the user cannot change it, they have to contact me to change it for them via admincp. I have checked this myself and it looks like it locks the user out once the password is expired. What this needs is to send a password expiry email before the password expires. I have had to turn it off due to too many people contacting me to change their password. |
Quote:
-vissa |
Quote:
Thank you -vissa |
Well I finally broke down and installed this on 3.6.5. Seems to work fine. I've tested registrations and users resetting their passwords. Those seem to work well as is. I will be testing "password expiry" shortly and report back.
-vissa |
installed on 3.6.8 and works fine
though, it would be nice to port this hack to 3.6.8 and especially ad the password check also to the "change password" site at the forum, not only for new signups |
Quote:
|
On 3.7, if a user edit their password (that is shorter than specified) gets an error - "Your password is too short..." then returns to the User CP.
In actual fact the password does change - if you try to re-change it you get an error saying "Password entered doesnt match your current one..." If you try the "too short" password it works... Any ideas? |
This appears to not completely work with current code.
I really could use the "stop users from having same password as their username" as I was just compromised this morning. From reading, I get the impression this doesn't work right with 3.72. Am I correct, or am I not right, and it does work? I really could use this mod like NOW, since I'm now a known target for this kind of behaviour. |
| All times are GMT. The time now is 04:47 PM. |
Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
| X vBulletin 3.8.12 by vBS Debug Information | |
|---|---|
|
|
 More Information |
|
|
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|