This repository has been archived by the owner on Dec 11, 2022. It is now read-only.
Set Password Strength for Meteor accounts login #11
Labels
enhancement
For issues that describe a feature that needs to be added, changed, or removed, but is not a bug
help wanted
For issues that have a clear solution described and are not currently prioritized core team work
Comments
|
The issue title contains "OAuth/Hydra" but password policies are completely handled by the "Identity Provider", implemented by Reaction by the Meteor auth package. Hydra only issues tokens upon confirmation of the user login. |
jeffcorpuz
changed the title
|
@ticean thanks for the clear up! edited the title to reflect it properly. |
|
Meteor's story on this seems to be that you should do it with a regular expression, or using something like zxcvbn in browser code. It seems possible to re-check on the server, but not easy given their default configuration. |
impactmass
changed the title
aldeed
changed the title
aldeed
added
enhancement
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Feature Request Description
There is no standard password strength checklist or a place where you can enable the strength of a password when creating accounts and/or resetting passwords.
i.e You can create an account with a password with one character.
Possible Solution
Add the capability for an administrator to set-up minimum password requirements.
Add a reasonable default password requirement.
Examples:
Source:
https://en.wikipedia.org/wiki/Password_strength
The text was updated successfully, but these errors were encountered: