Version: 1.0.2, by Eric
Developer Last Online: Jun 2023
Category: Miscellaneous Hacks -
Version: 4.x.x
Rating:
Released: 05-30-2011
Last Update: 07-04-2011
Installs: 56
Uses Plugins Auto-Templates
Re-useable Code Translations
No support by the author.
What is this?
This mod will allow you to force user passwords to be at least a certain length.
Features
Force minimum length on:
Registration
Edit Password
Reset Password
I've only tested this mod on vB 4.1.4/4.1.5 (alpha). It should work with previous versions, however I am not sure. If it works for you on an older version, let me know.
Installation
1. Download the `product-password_minlength.xml` file. (* may differ in name based on version)
2. Enter your AdminCP and go to Plugins & Products > Manage Products > [Add/Import Product]
3. Import the product using the `product-password_minlength.xml` file. (* may differ in name based on version)
4. Configure the mod in AdminCP -> Settings -> Options -> User Registration Options
Upgrading
In many cases, all you'll need to do to upgrade is follow the installation instructions above, but set "Allow Overwrite" to "Yes".
Changelog Version 1.0.2, 07/05/2011
Changed the "Check Method" choice from a drop down to radio buttons (Boofo )
Changed how the "UserId" "Check Method" works - it now is used for escluding User ID's
Fixed a bug in the plugin for updating profile - was not checking if a new password had been entered.
Version 1.0.1, 06/07/2011
Introduced three new options and one new plugin.
The new options are based around a "Check Method". You can choose to enforce the min. password length by userid, usergroup, or 'none' (all).
can the mod dictate that a minimum of 1 Capital letter and I Digit must be used ?
Quote:
Originally Posted by vglobal
Tag for future. It would be great if we have a complex password mod.
Thanks
It is not possible to do that with this mod... at least, not yet. I will see what I can do.
Quote:
Originally Posted by Boofo
Excellent idea, sir.
Thank you
Quote:
Originally Posted by Boofo
What is a good default setting for the length? I think 14 might be a little too long for some users to accept without whining.
Also, I saw no error on importing the product on 4.1.3. Maybe another mod was not playing nice with the OP setup.
A good, secure, password is typically 12-16 (roughly) characters. But, I can understand some users having difficulty with that. I would say a good compromise would be 8 characters.
As for 4.1.3, that is what I was thinking - that maybe another mod was conflicting with it. Hopefully it is not an error with this mod itself.
I didn't see anything in the code that would cause an error on import. I wouldn't worry about it unless you get anyone else having the same issues.
I would suggest maybe adding a setting for certain userids that could bypass the length check.
I suggest if possible add a feature to this mod to enforce minimum lengths on mod and admin accounts only.
Honestly it is extremely unlikely I wold join a forum requiring me to have a password over 6 to 8 characters.
Because... unless I'm a mod or admin, it's JUST a forum. NO ONE cares about my account and I care even less. So what someone cracks my password? Very unlikely on vBulletin where you can't brute-force your way in because it will lock you out after a few bad tries... I'm not going to jump through hoops to join a forum unless they are the only forum in their niche- and I know most admins can't claim that.
I suggest if possible add a feature to this mod to enforce minimum lengths on mod and admin accounts only.
Honestly it is extremely unlikely I wold join a forum requiring me to have a password over 6 to 8 characters.
Because... unless I'm a mod or admin, it's JUST a forum. NO ONE cares about my account and I care even less. So what someone cracks my password? Very unlikely on vBulletin where you can't brute-force your way in because it will lock you out after a few bad tries... I'm not going to jump through hoops to join a forum unless they are the only forum in their niche- and I know most admins can't claim that.
I suggest if possible add a feature to this mod to enforce minimum lengths on mod and admin accounts only.
Honestly it is extremely unlikely I wold join a forum requiring me to have a password over 6 to 8 characters.
Because... unless I'm a mod or admin, it's JUST a forum. NO ONE cares about my account and I care even less. So what someone cracks my password? Very unlikely on vBulletin where you can't brute-force your way in because it will lock you out after a few bad tries... I'm not going to jump through hoops to join a forum unless they are the only forum in their niche- and I know most admins can't claim that.
Just my opinion.
I would disagree, actually. I think every member should have as secure a password as possible. These days when you have things like KeePass, etc - and browsers that will save the password... what is an extra 2-3 characters? Besides, the limit in this mod is configurable.
I would disagree, actually. I think every member should have as secure a password as possible. These days when you have things like KeePass, etc - and browsers that will save the password... what is an extra 2-3 characters? Besides, the limit in this mod is configurable.
Well obviously it's your mod... I'm just saying I think putting a 10 or 14 character minimum on regular user account on most forums is like putting a bank vault door on an empty shed in a rural area... Yeah it's more protection, but for what?
You have to balance security vs. the user experience and most forums don't need this type of security on their standard accounts. Admins need to realize IMO most of their sites aren't all that important in the scheme of things. If it was a bank account or medical history then yeah, by all means, enforce strong passwords... but a forum to talk about cars or art or video games? I'd be more concerned about frustrating new and existing members with password requirements far surpassing any bank account I've ever used and having them stop coming.
I use KeePass myself but I'm not going to go through the effort of making a new entry for every single forum I'm a member of. LOL.
Anyway, my suggestion is an option to enforce for mods and admins only... all other opinions aside.
Minimum Password Length Details »»
About Developer
Visit Web Site
Uses Plugins 
No support by the author.
06-01-2011, 10:59 AM
