Maniphest T285151

Increase min password length to 12 characters
Open, Needs TriagePublic
Actions

Assigned To

None

Authored By

	Reedy
	Jun 18 2021, 3:59 PM

Tags

Referenced Files

None

Subscribers

Description

Will need some policy updates, probably...

ASVS v4.0.2-2.1.1 requires doing this as a "best practice" - https://github.com/OWASP/ASVS/blob/v4.0.2/4.0/OWASP%20Application%20Security%20Verification%20Standard%204.0.2-en.pdf

Verify that user set passwords are at least 12 characters in length

MW/WMF are using 8/10 in various places

Details

	Subject	Repo	Branch	Lines +/-
	Force users with passwords shorter than 8 characters to change it	operations/mediawiki-config	master	+2 -1

Customize query in gerrit

Event Timeline

Reedy created this task.Jun 18 2021, 3:59 PM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJun 18 2021, 3:59 PM

RhinosF1 subscribed.Jun 18 2021, 4:17 PM

Izno subscribed.Jun 18 2021, 7:48 PM

Reedy removed a project: Security-Team.Jun 21 2021, 2:28 PM

Zabe subscribed.Oct 9 2021, 5:06 PM

TheresNoTime removed a subscriber: RhinosF1.Dec 15 2022, 11:35 PM

gerritbot: https://gerrit.wikimedia.org/r/c/operations/mediawiki-config/+/882232/

Change 882232 had a related patch set uploaded (by Aklapper; author: Zabe):

[operations/mediawiki-config@master] Force users with passwords shorter than 8 characters to change it

https://gerrit.wikimedia.org/r/882232

gerritbot added a project: Patch-For-Review.Jan 22 2023, 9:49 PM

Jdlrobson moved this task from Backlog to Workflow on the MediaWiki-User-login-and-signup board.Jul 13 2023, 4:05 PM

Pppery edited projects, added Patch-Needs-Improvement; removed Patch-For-Review.Oct 24 2023, 12:21 AM