Password Security
Introduction
Mantis currently lacks support for the advanced password security features
commonly employed by security-conscious applications and organisations. These
features matter when the database contains sensitive information and users
cannot be relied upon to choose strong passwords.
The features that would be required are:
Database Changes
Add a password history table.
[Optional] Add a password_updated field to the user table. This duplicates information the password history table can hold, but it simplifies integration and implementation where password history is not required.
Configuration Changes
Add a configuration option for the password strength threshold
Add a configuration option for the password usage period (i.e. how often it must be changed)
Add a configuration option for the size of the password history
General Changes
Support password strength checking on password update page.
Support password history checking on password update page.
Support password expiration checking as part of authentication process.
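As an added example (not code from Mantis or from this proposal), the following PHP sketch shows how the three checks listed above could fit together: a strength threshold on the update page, a reuse check against retained hashes, and an expiration check on the authentication path. The constant names, the scoring rule, the in-memory $history array standing in for the proposed password history table, and the sample passwords are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumed configuration values. The names below are illustrative placeholders for
// the three options this page proposes; they are not existing Mantis config keys.
const PASSWORD_MIN_SCORE    = 3;   // strength threshold on a 0..4 scale
const PASSWORD_MAX_AGE_DAYS = 90;  // usage period: force a change after this many days
const PASSWORD_HISTORY_SIZE = 5;   // number of hashes retained per user (current + previous)

// Illustrative strength score: one point per character class present, reduced for
// short passwords. A real deployment would more likely use a dedicated estimator.
function password_strength_score(string $password): int
{
    $classes = 0;
    foreach (['/[a-z]/', '/[A-Z]/', '/[0-9]/', '/[^A-Za-z0-9]/'] as $re) {
        if (preg_match($re, $password) === 1) {
            $classes++;
        }
    }
    $length = strlen($password);
    if ($length < 8) {
        return 0;                          // too short: reject regardless of character mix
    }
    if ($length < 12) {
        $classes = max(0, $classes - 1);   // shortish: demand one extra character class
    }
    return min($classes, 4);
}

// History check: true when $password verifies against any retained hash for $user_id.
// $history stands in for the proposed password history table and maps
// user_id => list of password_hash() results, newest first. Plaintext is never stored,
// and because each bcrypt hash carries its own salt the candidate must be verified
// against every entry rather than compared as a string.
function password_in_history(array $history, int $user_id, string $password): bool
{
    foreach ($history[$user_id] ?? [] as $hash) {
        if (password_verify($password, $hash)) {
            return true;
        }
    }
    return false;
}

// The update-page path: apply the strength and history checks, then record the new
// hash and trim the history. Returns null on success or a reason string on rejection.
function password_update(array &$history, int $user_id, string $new_password): ?string
{
    if (password_strength_score($new_password) < PASSWORD_MIN_SCORE) {
        return 'password too weak';
    }
    if (password_in_history($history, $user_id, $new_password)) {
        return 'password was used recently';
    }
    $entries = $history[$user_id] ?? [];
    array_unshift($entries, password_hash($new_password, PASSWORD_BCRYPT));
    // The newest entry is the active password, so the list holds the current hash
    // plus up to PASSWORD_HISTORY_SIZE - 1 previous ones.
    $history[$user_id] = array_slice($entries, 0, PASSWORD_HISTORY_SIZE);
    return null;
}

// The authentication path: true when the password is older than the usage period and
// the user must change it before proceeding. $password_updated is a Unix timestamp,
// taken from the optional user-table column or from the newest history row.
function password_expired(int $password_updated, int $now): bool
{
    return ($now - $password_updated) > PASSWORD_MAX_AGE_DAYS * 86400;
}

// Constructed walk-through for one user: a weak password, a valid change, an
// attempted reuse, and two expiration checks at different ages.
$history = [];
$uid = 42;
var_dump(password_update($history, $uid, 'short'));
var_dump(password_update($history, $uid, 'Correct-Horse-42'));
var_dump(password_update($history, $uid, 'Correct-Horse-42'));
var_dump(count($history[$uid]));
var_dump(password_expired(time() - 91 * 86400, time()));
var_dump(password_expired(time() - 10 * 86400, time()));
```

Two points a practitioner would want to keep in mind: the history check costs one bcrypt verification per retained hash, so the history-size option directly multiplies the cost of a password change and should stay small; and the expiration check belongs after the credentials have been verified, so that a forced change is presented to an authenticated user rather than leaking account state before login.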
Reminders
Feedback
Please add your comments and feedback in this section.