#1304 ✓resolved

Feature request: update password handling

Reported by dleffler | July 17th, 2015 @ 08:28 PM | in 2.3.5 (closed)

Since we've left PHP v5.2.x support, it would be a good time to consider moving to a newer method to 'hash' passwords. Some considerations:

  • implementing a new password 'hash' would invalidate all existing passwords (immediately) so we'd need to allow the super-admin to change their password during the upgrade and then possibly (automatically) send an email to ALL users with the link to reset their password?
    • should we also implement a new feature to force the user to change a password every xx days?
  • implement the PHP function crypt which also allows adding a 'salt' value
  • implement a drop-in or configurable method for setting passwords (min number of chars, min pattern such as upper/lower/numeric/symbol)...we provide a 'password strength meter' on the bootstrap3 views which better helps the user select a stronger password
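
The points raised in the ticket (salted hashing through crypt, a configurable password policy, and spotting accounts whose stored password is still in the old format) can be sketched as follows. This is an added example, not Exponent CMS code: all function names are hypothetical, it assumes PHP 7+ for random_bytes, and because the ticket does not describe the existing hash format it treats any stored value that is not a bcrypt string as an old hash.

```php
<?php
// Added example, not Exponent CMS code. All function names are hypothetical.

// Configurable policy: minimum length and required character classes.
$policy = array('min_length' => 10, 'upper' => true, 'lower' => true,
                'numeric' => true, 'symbol' => true);

// Returns the names of the policy rules the password fails (empty = acceptable).
function policy_failures($password, array $policy) {
    $classes = array('upper' => '/[A-Z]/', 'lower' => '/[a-z]/',
                     'numeric' => '/[0-9]/', 'symbol' => '/[^A-Za-z0-9]/');
    $failed = array();
    if (strlen($password) < $policy['min_length']) {
        $failed[] = 'min_length';
    }
    foreach ($classes as $name => $regex) {
        if (!empty($policy[$name]) && !preg_match($regex, $password)) {
            $failed[] = $name;
        }
    }
    return $failed;
}

// Hash with crypt() and a fresh random bcrypt salt (22 chars of ./A-Za-z0-9).
function hash_password($password, $cost = 12) {
    $salt = substr(strtr(base64_encode(random_bytes(16)), '+', '.'), 0, 22);
    $prefix = '$2y$' . str_pad((string) $cost, 2, '0', STR_PAD_LEFT) . '$';
    $hash = crypt($password, $prefix . $salt);
    if (strlen($hash) !== 60) {      // crypt() signals failure with "*0" or "*1"
        throw new RuntimeException('bcrypt hashing failed');
    }
    return $hash;
}

// True when the stored value is not a bcrypt string, i.e. the account still
// holds an old-format hash and has to go through the password reset flow.
function needs_reset($stored) {
    return !preg_match('#^\$2y\$\d{2}\$[./A-Za-z0-9]{53}\z#', $stored);
}

// Constant-time comparison; salt and cost are read back from the stored hash.
function verify_password($password, $stored) {
    return !needs_reset($stored) && hash_equals($stored, crypt($password, $stored));
}

// Constructed sample data, for illustration only.
$stored = hash_password('Tr1cky-Horse-Battery');
var_dump(policy_failures('short', $policy));
var_dump(verify_password('Tr1cky-Horse-Battery', $stored));
var_dump(needs_reset('0123456789abcdef0123456789abcdef'));
```

Because needs_reset only inspects the stored string, it can also drive the upgrade step that selects which users receive a reset link.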


Bug Tracker for Exponent CMS
