
PassPolicy Plugin

Compatible with DokuWiki

  • 2024-02-06 "Kaos" unknown
  • 2023-04-04 "Jack Jackrum" unknown
  • 2022-07-31 "Igor" unknown
  • 2020-07-29 "Hogfather" yes

plugin Better password security for DokuWiki

Last updated on: 2022-01-11
Provides: Helper, Action
Repository: Source

Similar to emailpolicy

Tagged with password

Installation

Search and install the plugin using the Extension Manager. Refer to Plugins on how to install plugins manually.

Changes

Features

This plugin integrates multiple features to increase the strength of your users' passwords.

Password Policies

Password policies are modeled after Microsoft's Active Directory policies. You define a number of character types that should be used in a password and how many of them have to be used. Users will be prevented from changing their password to anything that does not match the configured policy.

You may also specify that the password may not match the user name, or even parts of the user name.

Passwords can also be checked against a list of the 10,000 most commonly used ones.

Passwords can also be checked anonymously against the haveibeenpwned passwords API.

Configuration is done in the Config Manager.

Password Generation

The plugin replaces DokuWiki's default password generation with a better one using a much stronger random generator. The generator will also take your configured password policy into account and create matching passwords.

You may also specify how strong generated passwords should be by giving the minimum number of bits of information in them. The higher the number, the stronger the password.

The generator supports three types of passwords:

  • completely random passwords
  • pronounceable passwords (as in DokuWiki's default generator)
  • passphrases made up from a big list of English words and words in your wiki

Configuration is done in the Config Manager.

Password Strength Indicator

The plugin adds a simple password strength indicator to all forms where new passwords can be set by the user or administrator.

Account Hint Suppression

By default, DokuWiki tries to be user-friendly and will tell users when a given account in the password reset mechanism does not exist. This is to avoid frustration where you wait for a mail that will never come because you entered a wrong user name.

Some people consider this a security risk, as it makes it possible to automatically figure out whether certain user names exist or not.

This plugin offers an option to suppress these kinds of user-friendly hints.

plugin/passpolicy.txt · Last modified: 2022-01-11 23:50 by andi

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International