Enforcing Password Policies

Questions related to using nuBuilder Forte.
Locked
marc
Posts: 92
Joined: Mon May 14, 2018 3:26 pm

Enforcing Password Policies

Unread post by marc »

No matter how secure you make a user’s password initially, the user will eventually choose his own password. (Choosing a one-character password is possible!)
How to set account policies that define a secure password?
What possibilities does nuBuilder offer? Especially when used in a company with sensitive data, it's essential (data protection).
Can you tell me about your experience?

e.g.

Maximum Password Age
Passwords must have at least 8 characters.
Passwords can’t contain the user name or parts of the user’s full name, such as his first name.
Passwords must use at least three of the four available character types: lowercase letters, uppercase.
admin
Site Admin
Posts: 2814
Joined: Mon Jun 15, 2009 2:23 am
Been thanked: 25 times

Re: Enforcing Password Policies

Unread post by admin »

marc,

Sorry, but you can't do this in nuBuilder.

Steven
toms
Posts: 785
Joined: Sun Oct 14, 2018 11:25 am

Re: Enforcing Password Policies

Unread post by toms »

Steven,

nuBuilder could easily implement such a feature in a very generic way (and it would be optional, up to the user to implement it or not). So every user could implement their own password policy check.

And I agree with marc, this would be a very important feature to improve nuBuilder's security.

All you would have to do is add 7 rows to BS of the nuPassword form to make such a feature possible.
bs_password.PNG
This would check for the existence of a function (let's call it nuCheckPasswordPolicy() ).

-> If present, the saving just succeeds if the check returns true.

-> If there is no such function, the saving would work as it is now.


Then the user can create his own nuCheckPasswordPolicy() procedure.
Example:

Code:

function nuCheckPasswordPolicy() {

    // Hash cookies for the current and the new password
    $oldpw = '#old_password#';
    $newpw = '#new_password#';

    // Collects one message per failed rule
    $passwordErr = "";

    if (strlen($newpw) < 8) {
        $passwordErr .= "Your Password Must Contain At Least 8 Characters!<br>";
    }
    if (!preg_match("#[0-9]+#", $newpw)) {
        $passwordErr .= "Your Password Must Contain At Least 1 Number!<br>";
    }
    if (!preg_match("#[A-Z]+#", $newpw)) {
        $passwordErr .= "Your Password Must Contain At Least 1 Capital Letter!<br>";
    }
    if (!preg_match("#[a-z]+#", $newpw)) {
        $passwordErr .= "Your Password Must Contain At Least 1 Lowercase Letter!<br>";
    }

    // Any message means the policy check failed
    if (strlen($passwordErr) > 0) {
        nuDisplayError($passwordErr);
        return false;
    } else {
        return true;
    }
}

$check = nuCheckPasswordPolicy();
admin
Site Admin
Posts: 2814
Joined: Mon Jun 15, 2009 2:23 am
Been thanked: 25 times

Re: Enforcing Password Policies

Unread post by admin »

.
marc
Posts: 92
Joined: Mon May 14, 2018 3:26 pm

Re: Enforcing Password Policies

Unread post by marc »

toms, good idea.

@admin: is it possible to make this change?
toms wrote: All you would have to do is add 7 rows to BS of the nuPassword form to make such a feature possible.
admin
Site Admin
Posts: 2814
Joined: Mon Jun 15, 2009 2:23 am
Been thanked: 25 times

Re: Enforcing Password Policies

Unread post by admin »

Guys,

I have added that now in the Before Save.

It's in Github now.

You'll need to get it and run Update.

Please let me know if it works and then I'll update the wiki and include toms' sample procedure.

Steven
toms
Posts: 785
Joined: Sun Oct 14, 2018 11:25 am

Re: Enforcing Password Policies

Unread post by toms »

It works all fine here and I've updated my sample procedure:

Code:

function nuCheckPasswordPolicy() {

    $oldpw    = '#old_password#';
    $newpw    = '#new_password#';
    
    $passwordErr = "";
    
    if ($newpw === $oldpw) {
        $passwordErr .= "The provided New Password cannot be the same as the Current Password!<br>";
    }    
    if (strlen($newpw) < 8) {
        $passwordErr .= "Your Password must contain at least 8 Characters!<br>";
    }
    if (!preg_match("#[0-9]+#",$newpw)) {
        $passwordErr .= "Your Password must contain at least 1 Number!<br>";
    }
    if (!preg_match("#[A-Z]+#",$newpw)) {
        $passwordErr .= "Your Password must contain at least 1 Capital Letter!<br>";
    }
    if(!preg_match("#[a-z]+#",$newpw)) {
        $passwordErr .= "Your Password must contain at least 1 Lowercase Letter!<br>";
    }
    if(!preg_match('/[\'\/~`\!@#\$%\^&\*\(\)_\-\+=\{\}\[\]\|;:"\<\>,\.\?\\\]/', $newpw)) {
        $passwordErr .= "Your Password must contain at least 1 Special Character!<br>";
    }    

    if (strlen($passwordErr) > 0) {
        nuDisplayError ($passwordErr) ;
        return false;
    } else
    {
        return true;
    }
}

$check = nuCheckPasswordPolicy();
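The rules from the first post that the sample procedure above does not cover (three of the four character types, no user name or name parts), as an added example that is not part of the original thread or of nuBuilder. The function name, its parameters, the choice of the four character classes and the 3-character minimum for name parts are assumptions; it needs PHP's mbstring extension. Maximum password age is not shown because it needs a stored change date.

```php
<?php
// Added example (not nuBuilder code). All names here are hypothetical.

function passwordPolicyErrors(string $newpw, string $oldpw, string $login, string $fullName): array
{
    $errors = [];

    if ($newpw === $oldpw) {
        $errors[] = 'New password must differ from the current password.';
    }
    // Count characters, not bytes, so multi-byte input is measured correctly.
    if (mb_strlen($newpw, 'UTF-8') < 8) {
        $errors[] = 'Password must have at least 8 characters.';
    }

    // "Three of four character types". The four classes are an assumption:
    // lowercase, uppercase, digits, anything else.
    $classes = ['/[a-z]/', '/[A-Z]/', '/[0-9]/', '/[^a-zA-Z0-9]/'];
    $used = 0;
    foreach ($classes as $re) {
        $used += preg_match($re, $newpw);
    }
    if ($used < 3) {
        $errors[] = 'Password must use at least three of the four character types.';
    }

    // Reject passwords containing the login name or any part of the full name.
    // Parts shorter than 3 characters are skipped (assumption) so that
    // initials do not trigger a rejection.
    $parts = preg_split('/[\s,.\-_]+/', $login . ' ' . $fullName, -1, PREG_SPLIT_NO_EMPTY);
    foreach ($parts as $part) {
        if (mb_strlen($part, 'UTF-8') >= 3 && mb_stripos($newpw, $part, 0, 'UTF-8') !== false) {
            $errors[] = 'Password must not contain your user name or parts of your name.';
            break;
        }
    }
    return $errors;
}

// Constructed sample input: login "marc", full name "Marc Example".
$samples = ['Marc2018!', 'summer99', 'T7#kq-Wz4p'];
foreach ($samples as $pw) {
    $errs = passwordPolicyErrors($pw, 'old-Secret1', 'marc', 'Marc Example');
    echo $pw, ' => ', $errs ? implode(' | ', $errs) : 'OK', PHP_EOL;
}
```

Inside nuCheckPasswordPolicy() the returned messages could be joined with `<br>` and passed to nuDisplayError() in the same way as `$passwordErr` in the procedure above.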
admin
Site Admin
Posts: 2814
Joined: Mon Jun 15, 2009 2:23 am
Been thanked: 25 times

Re: Enforcing Password Policies

Unread post by admin »

toms,

Thanks for that.

This has now been added to the wiki.

https://wiki.nubuilder.cloud/ ... d_Policies


Steven
marc
Posts: 92
Joined: Mon May 14, 2018 3:26 pm

Re: Enforcing Password Policies

Unread post by marc »

Thank you both, works for me too
admin
Site Admin
Posts: 2814
Joined: Mon Jun 15, 2009 2:23 am
Been thanked: 25 times

Re: Enforcing Password Policies

Unread post by admin »

.