Password complexity requirements

[encho]

I have been looking for this, but to no avail: is there a setting to adjust password length/complexity/other requirements? Thanks.

[MarcC]

It's sort of looking like no to me in the default setup, but maybe you can just create your own special password fieldtype with different requirements? That's a module, after all.

[ryan]

That's true that the complexity requirements aren't configurable at present. Though I could feasibly make it configurable, but this is the first time the request has come up. Currently, the requirements are that the password must have at least 6 characters, one of which must be an ASCII letter of a-z or A-Z, and one of which must be a digit (0-9).

These requirements are only enforced interactively, and in the PW admin. So if you populate a password to a user from the API side, like $user->pass = 'something'; there are no requirements. Meaning, you can choose to enforce your own requirements before populating $user->pass with a value. 

[arjen]

I'm using the password fieldtype heavily in the front-end of some testprojects. I would really appreciate it if you want to make it configurable.

[ryan]

I'm using the password fieldtype heavily in the front-end of some testprojects. I would really appreciate it if you want to make it configurable.

Fieldtype or Inputfield? The password requirements only apply to the Inputfield (interactively). There isn't really much reason to use the Inputfield on the front-end of your site unless you are using it with FormBuilder. From the API side, you can configure the minimum length setting for the Inputfield:

$inputfield->minlength = 30; // default is 6

[arjen]

Thanks Ryan, didn't know that!

My simple user signup form using Inputfields looks like:

$form = $modules->get("InputfieldForm");
$form->action = "./";
$form->method = "post";
$form->attr("id+name",'member-form');
$form->attr("class",'member-form');

$field = $modules->get("InputfieldEmail");
$field->label = "E-mail";
$field->attr('id+name','email');
$field->required = 1;
$form->append($field);

$field = $modules->get("InputfieldPassword");
$field->label = "Password";
$field->attr("id+name","password");
$field->required = 1;
$form->append($field);

$submit = $modules->get("InputfieldSubmit");
$submit->attr("value","Join");
$submit->attr("id+name","submit");
$form->append($submit);

This works great! An option to alter requirements besides the lenght would be great. I don't know how to implement this. Perhaps a regular expression?

[interrobang]

EDIT:

Sorry, looking at the InputfieldPassword sourcecode it seems the is no pattern support. But if you dont't need "verify password" you can use a simple InputfieldText and give it a attribute password ($field->attr("type","password");) and a pattern like below.

ORIGINAL POST:

I think you can use field->pattern like this:

$field = $modules->get("InputfieldPassword");
$field->label = "Password";
$field->attr("id+name","password");
$field->required = 1;
$field->pattern = "^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?!.*\s).*$"; //the regex pattern will be used for backend validation and in html5 browsers also for frontend validation
$form->append($field);

[arjen]

Thanks interrobang. Will try this out!

[apeisa]

Is the digit requirement good to have? New hot is passphrases, using passwords like "Cats Milk Sugar Shake" (long, but easier to remember).

[encho]

That's true that the complexity requirements aren't configurable at present. Though I could feasibly make it configurable, but this is the first time the request has come up. Currently, the requirements are that the password must have at least 6 characters, one of which must be an ASCII letter of a-z or A-Z, and one of which must be a digit (0-9).

These requirements are only enforced interactively, and in the PW admin. So if you populate a password to a user from the API side, like $user->pass = 'something'; there are no requirements. Meaning, you can choose to enforce your own requirements before populating $user->pass with a value. 

I can't believe I'm the first one to ask Is there a place I can post a feature request?

[kongondo]

I can't believe I'm the first one to ask Is there a place I can post a feature request?

Uuh, http://processwire.com/talk/forum/5-wishlist-roadmap/

/k

[desbest]

Hello

I would like a setting in the processwire admin panel that allows me to set the complexity setting of new passwords.

Just a reminder to say that this is a good feature to put in.

[adrian]

https://processwire.com/blog/posts/upgrades-optimizations-pw-3.0.22/#major-enhancements-to-our-password-field