Password policies

leonard · February 2007

Knowing that users are inclined to choose poor passwords, is there going to be an option build into Vanilla to let the application generate the user passwords instead? I would suppose developing and add-on is not an option here, as the application dialog has hardcoded password fields in it which would suggest to the user (s)he can pick a password. Or is there a way an add-on could disable those fields in the application form?

y2kbg · February 2007

hmm well a theme mod could take care of eliminating the field, someone here could probably make the generater, but not me.

leonard · February 2007

Code to generate a password which avoid charachter set issues and troublesome characters is easy enough: generate_password() { $nc = 8; // number of characters, f.e. 8, should be an option $s = ''; for ($i = 0; $i < $nc; $i++) { // exclude double and single quote, percent sign, plus and backslash // to avoid troubles with url escaping $n = 34; while ($n == 34 || $n == 37 || $n == 39 || $n == 43 || $n == 92) $n = mt_rand(33, 126); $s .= chr($n); } return $s; }

Stash · February 2007

I would have thought an extension would handle this fine. All it would need to do is generate a password and then use a bit of JS to autofill the password field. That should do the trick no?

Password policies

Comments