Enhanced Login Security

Permalink
Guys,

Once of my customers is going through a Cyber security assessment process and they have an older C5 Version 5.6 site.

They need to know whether the following password protection levels can be programmed into the user/editor login for 5.6.

(Does 5.8 have this at all?)

The requirement is:

========================

Property
Requirements
Characters allowed
· A – Z
· a – z
· 0 – 9
· @ # $ % ^ & * - _ ! + = [ ] { } | \ : ‘ , . ? / ` ~ “ ( ) ;
Characters not allowed
· Unicode characters
· Spaces
· Strong passwords only: Cannot contain a dot character '.' immediately preceding the '@' symbol

Password restrictions
· 8 characters minimum and 16 characters maximum
· Strong passwords only: Requires 3 out of 4 of the following:
o Lowercase characters
o Uppercase characters
o Numbers (0-9)
o Symbols (see password restrictions above)

Password change
Passwords must be changed every 90 days

Password change history
Last password cannot be used again when changing a password

-====================

igrieves
View Replies:
hutman replied on at Permalink Reply
hutman
The answer to the question of if these things can be programmed in is yes.

The answer to the question of if these things are built in is no (regardless of version).

These things are very specific and there isn't an add-on to do this, you would just have to override the login/register controller to add these things in.

There is an add-onhttp://www.concrete5.org/marketplace/addons/password-expiry/... to expire a user's password after x days (for 5.6) and it doesn't allow use of the previously used passwords.
igrieves replied on at Permalink Reply
igrieves
Thank you very much - most helpful!

Ian
JohntheFish replied on at Permalink Reply
JohntheFish
On 5.7 or v8 you could enhance login security another way with 2FA
http://www.concrete5.org/marketplace/addons/two-factor-login-securi...
igrieves replied on at Permalink Reply
igrieves
Thanks John, I'll let the customer know.

Out of interest if these add ons do not meet their requirements is programming 5.6 to meet the criteria above something you could take on please?

Ian
JohntheFish replied on at Permalink Reply
JohntheFish
You should first ask @mnakalay who developed the addon above and may be able to make small changes to meet your requirement in v8 or back-port it to 5.6 for you.