Enhanced Login Security
Guys,
One of my customers is going through a Cyber security assessment process and they have an older C5 Version 5.6 site.
They need to know whether the following password protection levels can be programmed into the user/editor login for 5.6.
(Does 5.8 have this at all?)
The requirement is:
========================
Property: Requirements

Characters allowed:
· A – Z
· a – z
· 0 – 9
· @ # $ % ^ & * - _ ! + = [ ] { } | \ : ‘ , . ? / ` ~ “ ( ) ;

Characters not allowed:
· Unicode characters
· Spaces
· Strong passwords only: Cannot contain a dot character '.' immediately preceding the '@' symbol

Password restrictions:
· 8 characters minimum and 16 characters maximum
· Strong passwords only: Requires 3 out of 4 of the following:
  o Lowercase characters
  o Uppercase characters
  o Numbers (0-9)
  o Symbols (see password restrictions above)

Password change:
Passwords must be changed every 90 days

Password change history:
Last password cannot be used again when changing a password
========================
Thank you very much - most helpful!
Ian
On 5.7 or v8 you could enhance login security another way with 2FA
http://www.concrete5.org/marketplace/addons/two-factor-login-securi...
http://www.concrete5.org/marketplace/addons/two-factor-login-securi...
Thanks John, I'll let the customer know.
Out of interest, if these add-ons do not meet their requirements, is programming 5.6 to meet the criteria above something you could take on, please?
Ian
You should first ask @mnakalay who developed the addon above and may be able to make small changes to meet your requirement in v8 or back-port it to 5.6 for you.
The answer to the question of if these things are built in is no (regardless of version).
These things are very specific and there isn't an add-on to do this; you would just have to override the login/register controller to add these things in.
There is an add-on http://www.concrete5.org/marketplace/addons/password-expiry/... to expire a user's password after x days (for 5.6) and it doesn't allow use of the previously used passwords.
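
A standalone check for the requirements listed in the question, of the kind an overridden login/register controller could call before saving a password. This is an added example, not code from the thread, from concrete5 or from either add-on. The function names are hypothetical, and it assumes PHP 5.5+, that the curly quotes in the posted symbol list stand for ASCII ' and ", and that the previous password hash was created with password_hash().

```php
<?php
// Assumption: the curly quotes in the posted symbol list are ASCII ' and ".
const POLICY_SYMBOLS = '@#$%^&*-_!+=[]{}|\\:\',.?/`~"();';

/**
 * Returns the list of policy violations for a candidate password
 * (an empty array means the password is acceptable).
 * $previousHash: hash of the user's current password, or null for a new account.
 * Assumption: that hash came from password_hash(); swap in the site's own check otherwise.
 */
function password_policy_violations($password, $previousHash = null)
{
    $errors = [];
    $symbols = preg_quote(POLICY_SYMBOLS, '/');

    // Byte length is safe here: any multi-byte character fails the allow-list below.
    $length = strlen($password);
    if ($length < 8 || $length > 16) {
        $errors[] = 'length must be 8 to 16 characters';
    }
    // Allow-list: spaces, Unicode and anything else not listed is rejected.
    if (!preg_match('/^[A-Za-z0-9' . $symbols . ']*$/D', $password)) {
        $errors[] = 'contains a character that is not allowed';
    }
    if (strpos($password, '.@') !== false) {
        $errors[] = "'.' may not immediately precede '@'";
    }
    // Count how many of the four character classes are present.
    $classes = (int) preg_match('/[a-z]/', $password)
             + (int) preg_match('/[A-Z]/', $password)
             + (int) preg_match('/[0-9]/', $password)
             + (int) preg_match('/[' . $symbols . ']/', $password);
    if ($classes < 3) {
        $errors[] = 'needs 3 of 4: lowercase, uppercase, numbers, symbols';
    }
    if ($previousHash !== null && password_verify($password, $previousHash)) {
        $errors[] = 'last password cannot be reused';
    }
    return $errors;
}

/** True when more than 90 days have passed since the password was last changed. */
function password_is_expired(DateTimeImmutable $changedAt, DateTimeImmutable $now)
{
    return $now > $changedAt->modify('+90 days');
}

// Constructed sample values, for illustration only.
$oldHash = password_hash('Winter#2023', PASSWORD_DEFAULT);
var_dump(password_policy_violations('Summer.@2024', $oldHash));
var_dump(password_is_expired(new DateTimeImmutable('2024-01-01'), new DateTimeImmutable('2024-04-15')));
```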