On 01/26/2011 06:51 PM, Ricky Zhou wrote:
On 2011-01-25 01:24:54 PM, Jose Manimala wrote:
> One question is should a password length and secure password creation
> check be enforced on the FAS system. Like regular expression checks
> and stuff. I know this is asking a lot, the current implementation
> allows me to have a simple password if I remember(need to check) been
> long. And password expiry? :)
Good point, password complexity checks are still listed as a TODO in
FAS (although we do have a minimum length of 8 implemented), looks like
we just never got to doing it. I've added a note about those in
which we will discuss in the next infra meeting.
Maybe we should add a captcha after three (3) failed login attempts ?
Sign up page already has a captcha