1. Startpagina
  2. General
  3. Feature Requests
  4. RE: RE: Passwords longer than 128 characters should be rejected

RE: RE: Passwords longer than 128 characters should be rejected

Václav Suchánek, 2 Jaren geleden aangepast.
Passwords longer than 128 characters should be rejected
Junior Member Berichten: 26 Aanmelddatum: 15-8-18 Recente berichten

See ASVS v4.0.3, section 2.1.2:

Verify that passwords of at least 64 characters are permitted, and that passwords of more than 128 characters are denied.

pasword asvs security
thumbnail
Zsigmond Rab, 2 Jaren geleden aangepast.
RE: Passwords longer than 128 characters should be rejected
Liferay Master Berichten: 764 Aanmelddatum: 5-1-10 Recente berichten

Hi Václav,

I believe this can be done with password policies. There you can set a Minimum Length and you can even define a Regular Expression to validate the passwords.

Regards,
Zsigmond

Václav Suchánek, 2 Jaren geleden aangepast.
RE: RE: Passwords longer than 128 characters should be rejected
Junior Member Berichten: 26 Aanmelddatum: 15-8-18 Recente berichten

Hello Zsigmond,

Yes, you are right. For sure we can limit the length of the password with regex (portal properties). But what if we don't want to use a regex because of the following issue:
https://liferay.atlassian.net/browse/LPS-152747
In the end, we have to establish a very complex regex pattern that follows all our password policies.

Regards,
Václav

thumbnail
Zsigmond Rab, 2 Jaren geleden aangepast.
RE: RE: Passwords longer than 128 characters should be rejected
Liferay Master Berichten: 764 Aanmelddatum: 5-1-10 Recente berichten

Hi Václav,

Watch https://liferay.atlassian.net/browse/LPD-15194.

Regards,
Zsigmond

Václav Suchánek, 2 Jaren geleden aangepast.
RE: RE: Passwords longer than 128 characters should be rejected
Junior Member Berichten: 26 Aanmelddatum: 15-8-18 Recente berichten

Thank you, Zsigmond.