Change password length requirement and ensure enforcement for non-privileged users (from 1 to 8)
Closed, Resolved | Public | 2 Story Points

Description

👯‍♂️ See also: T208246: Change password length requirement and ensure enforcement for privileged users (from 8 to 10)

🛑 This ticket is blocked by T211621: The 'your password is weak' message should display on log in for privileged accounts only


Info

We need to modify the required lengths of passwords. Specifically, these changes should be made:

  • Increase minimum password length for all non-privileged accounts from 1 to 8.
  • When a person creates a new account and their password does not match these requirements, the API or the UI should return an appropriate error message.
    • These error messages already exist, but should be updated to display the new accurate information.
  • If a non-privileged user logs in with a password that does not meet these requirements, they should not be messaged about their password strength. (See T211621)
  • If a non-privileged user resets their password, the new password must meet the latest requirements.

Acceptance criteria

  • New password minimum length of 8 for new accounts is enforced on account creation and password reset
  • Error messages display as needed and display accurate information
  • No other user-facing change for non-privileged accounts
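
A standalone PHP model of the enforcement rules listed above, added here as an example and not taken from the merged change or from MediaWiki itself. The array shape is modelled on MediaWiki's `$wgPasswordPolicy`; the `privileged` key, the function names, the error text and the sample passwords are assumptions made for illustration.

```php
<?php
// Standalone model of the ticket's rules; not MediaWiki or wmf-config code.
// The 'privileged' key and both function names are hypothetical.
$policy = [
    'default' => [
        'MinimalPasswordLength' => [ 'value' => 8, 'suggestChangeOnLogin' => false ],
    ],
    'privileged' => [
        'MinimalPasswordLength' => [ 'value' => 10, 'suggestChangeOnLogin' => true ],
    ],
];

// Account creation and password reset: a too-short password is rejected.
function checkNewPassword( array $policy, string $group, string $password ): array {
    $min = $policy[$group]['MinimalPasswordLength']['value'];
    // strlen() counts bytes, so a multi-byte character counts more than once.
    if ( strlen( $password ) < $min ) {
        return [ 'ok' => false, 'error' => "Password must be at least $min bytes long." ];
    }
    return [ 'ok' => true, 'error' => null ];
}

// Login: an existing short password still authenticates; the weak-password
// prompt is shown only where suggestChangeOnLogin is true.
function checkLogin( array $policy, string $group, string $password ): array {
    $rule = $policy[$group]['MinimalPasswordLength'];
    $tooShort = strlen( $password ) < $rule['value'];
    return [ 'ok' => true, 'suggestChange' => $tooShort && $rule['suggestChangeOnLogin'] ];
}

// Constructed sample passwords, one case per rule in the ticket.
$cases = [
    [ 'create or reset', 'default', 'abc123' ],
    [ 'create or reset', 'default', 'correct horse' ],
    [ 'login', 'default', 'abc123' ],
    [ 'login', 'privileged', 'abc12345' ],
];
foreach ( $cases as [ $action, $group, $password ] ) {
    $result = $action === 'login'
        ? checkLogin( $policy, $group, $password )
        : checkNewPassword( $policy, $group, $password );
    echo "$action / $group / $password: " . json_encode( $result ) . "\n";
}
```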

Event Timeline

TBolliger changed the task status from Open to Stalled.
TBolliger triaged this task as High priority.
TBolliger moved this task from Untriaged to Cards ready to be estimated on the Anti-Harassment board.

Change 479571 had a related patch set uploaded (by Jforrester; owner: Jforrester):
[operations/mediawiki-config@master] Require an 8-byte new password for all users

https://gerrit.wikimedia.org/r/479571

Tgr added a subscriber: Tgr. (Dec 17 2018, 7:22 AM)
TBolliger set the point value for this task to 2.
dbarratt changed the edit policy from "Custom Policy" to "All Users". (Mar 12 2019, 7:09 PM)
dmaza claimed this task. (Mar 12 2019, 7:18 PM)

Change 496202 had a related patch set uploaded (by Dmaza; owner: Dmaza):
[operations/mediawiki-config@master] Enforce 8 char password length requirements for non-privileged users

https://gerrit.wikimedia.org/r/496202

This change is live on Beta

Niharika changed the task status from Stalled to Open. (Mar 17 2019, 6:23 PM)

Change 496202 merged by jenkins-bot:
[operations/mediawiki-config@master] Enforce 8 char password length requirements for non-privileged users

https://gerrit.wikimedia.org/r/496202

Mentioned in SAL (#wikimedia-operations) [2019-03-25T18:15:26Z] <dcausse@deploy1001> Synchronized wmf-config/CommonSettings.php: T211622: Enforce 8 char password length requirements for non-privileged users (duration: 00m 50s)

dmaza closed this task as Resolved. (Mon, Mar 25, 6:41 PM)