Version: 1.0.2, by Eric
Developer Last Online: Jun 2023
Category: Miscellaneous Hacks -
Version: 4.x.x
Rating:
Released: 05-30-2011
Last Update: 07-04-2011
Installs: 56
Uses Plugins Auto-Templates
Re-useable Code Translations
No support by the author.
What is this?
This mod will allow you to force user passwords to be at least a certain length.
Features
Force minimum length on:
Registration
Edit Password
Reset Password
I've only tested this mod on vB 4.1.4/4.1.5 (alpha). It should work with previous versions, however I am not sure. If it works for you on an older version, let me know.
Installation
1. Download the `product-password_minlength.xml` file. (* may differ in name based on version)
2. Enter your AdminCP and go to Plugins & Products > Manage Products > [Add/Import Product]
3. Import the product using the `product-password_minlength.xml` file. (* may differ in name based on version)
4. Configure the mod in AdminCP -> Settings -> Options -> User Registration Options
Upgrading
In many cases, all you'll need to do to upgrade is follow the installation instructions above, but set "Allow Overwrite" to "Yes".
Changelog Version 1.0.2, 07/05/2011
Changed the "Check Method" choice from a drop down to radio buttons (Boofo )
Changed how the "UserId" "Check Method" works - it now is used for escluding User ID's
Fixed a bug in the plugin for updating profile - was not checking if a new password had been entered.
Version 1.0.1, 06/07/2011
Introduced three new options and one new plugin.
The new options are based around a "Check Method". You can choose to enforce the min. password length by userid, usergroup, or 'none' (all).
Well obviously it's your mod... I'm just saying I think putting a 10 or 14 character minimum on regular user account on most forums is like putting a bank vault door on an empty shed in a rural area... Yeah it's more protection, but for what?
You have to balance security vs. the user experience and most forums don't need this type of security on their standard accounts. Admins need to realize IMO most of their sites aren't all that important in the scheme of things. If it was a bank account or medical history then yeah, by all means, enforce strong passwords... but a forum to talk about cars or art or video games? I'd be more concerned about frustrating new and existing members with password requirements far surpassing any bank account I've ever used and having them stop coming.
I use KeePass myself but I'm not going to go through the effort of making a new entry for every single forum I'm a member of. LOL.
Anyway, my suggestion is an option to enforce for mods and admins only... all other opinions aside.
Not everyone feels their forums or members security are as unimportant as you feel they are.
Thanks for the update. The only thing I would suggest is changing the "Minimum Password Length: Check Method" option to radioiped instead of selectiped. And I would have excluded userids instead of including them.
Thanks for the update. The only thing I would suggest is changing the "Minimum Password Length: Check Method" option to radioiped instead of selectiped. And I would have excluded userids instead of including them.
Why change to the radioiped?
And for the userids, that is what I had initially and tbh, don't even remember why I thought it should be changed - would not take much to change it back.
A coding preference, I guess, as well as it shows all options instead of having to scroll through a drop-down box.
Quote:
Originally Posted by Eric
And for the userids, that is what I had initially and tbh, don't even remember why I thought it should be changed - would not take much to change it back.
I was wondering if maybe it was a simple mistake on your end.
That makes absolutely no sense. Why even use it then?
Because to enforce staff having a more secure password than the normal users. Extra security is really not needed for normal users. If they are concerned about that , they will have a strong password. I WANT my staff to have a secure password , but there is no way to enforce that. This would be perfect with tweeks.
To you, maybe. I think my users are just as important as the staff and therefore should be given the same concern. Having their accounts hacked could be just as disastrous, if not more so, than any staff members.
You should require it for admins/moderators and not regular users, trust me- they dislike it. But then again, any secure-minded admin already has a long enough, difficult to guess password. HAd this installed but users couldn't actually register- they all kept getting a "password doesn't contain required amount of characters, please try again" error, or something to that effect. Ending up having to disable it for the time being.
You should require it for admins/moderators and not regular users, trust me- they dislike it. But then again, any secure-minded admin already has a long enough, difficult to guess password. HAd this installed but users couldn't actually register- they all kept getting a "password doesn't contain required amount of characters, please try again" error, or something to that effect. Ending up having to disable it for the time being.
I've tested this mod several times across 4.1.3 and 4.1.4 - works fine. You sure they actually were meeting the requirement?
Minimum Password Length Details »»
About Developer
Visit Web Site
Uses Plugins 
No support by the author.
06-04-2011, 06:14 PM
iped instead of select
