Details
- Story
- Status: Closed
- P3
- Resolution: Done
- None
- eHoldings Sprint 98, eHoldings Sprint 101, eHoldings Sprint 102, eHoldings Sprint 103
- 5
- Spitfire
Backend analysis to identify options, in addition to implementation.
Description
As a system administrator,
I want to validate passwords created/reset/changed
So that I minimize any efforts to illegally access and attack/harm Folio
Requirement
- Check the user's password against the list obtained from the online service https://haveibeenpwned.com/Passwords
Acceptance Criteria
Given I need to set/change/reset my password
When I enter a password that is on the bad password/specified dictionary list(s)
Then display a message that the password is invalid AND do not allow the password to be saved
Update: A spike (MODLOGIN-35) was created to find the approach for this functionality. It was completed, and the result was that the online service https://haveibeenpwned.com/Passwords could be used to obtain the list of bad passwords.
Issue Links
- clones
  - MODLOGIN-35 Select a bad password list(s) (Closed)
- has to be done after
  - MODPWD-41 Create a basis to migrate the module to Spring (Closed)
- is blocked by
  - FOLIO-2911 Docker image is not created by Jenkins build due to file copying issue (Closed)
- is required by
  - UXPROD-2462 Local Password Management | Implement bad password list (Closed)
- relates to
  - MODPWD-34 Trivial password rule (Closed)
  - MODPWD-49 Discover tools/libraries to support PostgreSQL DB in Spring integration tests (Closed)
  - MODPWD-50 Cover new Spring module code with unit tests (Closed)
  - MODLOGIN-38 Technical Design: Local Password Rules Parameters/Configuration (Closed)
  - MODLOGIN-57 Create password validation rules (RegEx) (Closed)
  - UXPROD-39 Local password management (Closed)