- Developer
- Viktor Vogel
The system plugin checks the user passwords using defined security patterns and rejects weak passwords. In this way FPC ensures stronger security of the whole system. The execution of the plugin and the checks of the passwords can be set completely customized to ensure an own standard of security. There is also an option to allow weak passwords for certain user groups, but to inform them by a warning about the weak password. This option should only be used for non-critical user groups.
Features
- Force secure, good passwords with individual rules
- Suggest a password that fits the seurity criteria (PRO)
- Set precise execution rules:
- Execution in front- and / or backend
- Restrict to specific user groups
- Restriction with warning notice for unselected groups possible
- Check the type of users - only new, existing or all users
- Individual checks for secure passwords:
- Minimum length of passwords
- Minimum size of the entropy of passwords
- Forbid parts of the name and the e-mail address
- Maximum number same and same consecutive characters
- Force character types: uppercase / lowercase letters, numbers and special characters
- Plugin is small and fast, doesn't need a big framework
- Fast, clean code
- Languages: English and German
Installation
Install the plugin in the backend. Configure and activate it in Extensions -> Plugins -> System - Force Password Complexity - FPC.The settings of FPC are divided into two parts: Execution and Checks.
Under Execution you may change the settings, how and where the plugin is executed. The application can be restricted to the front- and / or backend, on specific user groups and the status of the user. Additionally you may show a warning, to not specified users, that the entered password has been saved but it has been evaluated by the system to be insecure.
Under Checks you may define individual check patterns to guarantee secure passwords. You may define a minimum length and entropy of the password. Entropy is a measure of the uncertainty in a random variable. The higher the number, the better (more complex) the password. You have the ability to forbid parts of the name or the email address upon creation of the password. The options to restrict the maximum number of equivalent or consecutive characters avoid very weak passwords with few or repeating characters. Another important option is the ability to define which characters must be integrated at least once into the password. Here you have the options for upper- and lowercase letters, numbers and special characters (multiple selection is possible and recommended).