You are here: Foswiki>Tasks Web>Item2556 (17 Jan 2010, PaulHarvey)Edit Attach

Item2556: Increase default {MinPasswordLength} to 7 characters

pencil
Priority: Enhancement
Current State: Closed
Released In: 1.0.9, 1.1.0
Target Release: patch
Applies To: Engine
Component:
Branches:
Reported By: PaulHarvey
Waiting For:
Last Change By: PaulHarvey
The minimum password length out of the box on trunk and release branches at the moment is 1 character.

Are there any objections to increasing the default? 6 characters maybe?

-- PaulHarvey - 02 Jan 2010

No objections.

-- GilmarSantosJr - 02 Jan 2010

I had some trouble choosing a number.

I chose 7 characters because that's what Microsoft chose for their Server2003 product.

If users dislike this then they can change it in their configure settings (at least they're actively lowering it, instead of the previous situation which was that admins may not have realised the default minimum is only 1 char).

-- PaulHarvey - 05 Jan 2010

IMHO, 6 would be a nice default, as it is the default for many applications (at least the great majority of the ones I use).

-- GilmarSantosJr - 07 Jan 2010

Do you have an example application to study? Eg. gmail is 8 characters, I'm pretty sure Yahoo is too.

We could always make it 15 chars and promote passphrases instead! smile

-- PaulHarvey - 07 Jan 2010

I like the 7 char proposal (if users realize that they can't use the 6 char pwd they use for other apps, this may be a good thing; OTOH, they can always shout at the admins to lower the default to 6 or so like Gilmar suggested). smile

Of course, we could raise the default even more (the-wiki-engine-with-the-longest-default-password-length-are-us?), but I guess in most organizations this will be handled by means of integrated solutions (LDAP or other) anyway to provide a single-sign-on solution. Six chars should be the absolute minimum, though.

-- MarkusUeberall - 07 Jan 2010

If GMail is 8 and microsoft uses 7, then I'm outdated... anyway I encorage users to use at least 8 wink

-- GilmarSantosJr - 07 Jan 2010

I think 7 is a fine choice.

-- KennethLavrsen - 09 Jan 2010

ItemTemplate edit

Summary Increase default {MinPasswordLength} to 7 characters
ReportedBy PaulHarvey
Codebase 1.0.8, trunk
SVN Range
AppliesTo Engine
Component
Priority Enhancement
CurrentState Closed
WaitingFor
Checkins distro:375f96b211d8 distro:a6c1bfca9346
TargetRelease patch
ReleasedIn 1.0.9, 1.1.0
Topic revision: r12 - 17 Jan 2010, PaulHarvey
The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License    Legal Imprint    Privacy Policy