Update password requirements #112

Merged
merged 1 commit into from
May 26, 2016

brendansudol
Contributor

Why: to use latest NIST guidance / best practices

@brendansudol
Contributor Author

new screenshot:
image

it 'works with spaces' do
PASSWORD_W_SPACES = 'this has a few spaces'.freeze

prototype_user = create(:user)
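
Review bot: `PASSWORD_W_SPACES` is assigned as a constant inside the `it` block, on the second line of this snippet. A block does not open a new constant scope, so the constant is defined in the enclosing lexical scope and outlives this example. A local variable (`password = 'this has a few spaces'`) or a `let` would keep the value scoped to the test.
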
Contributor

It's not necessary to create 2 users for this test. You can remove the prototype user, and update the user below to not specify an email since one will be created for it automatically via the Factory.

@jimfenton

Strongly agree with removal of the password composition requirements (removing requirement for special characters, digits, etc.). In its place, the draft guidance says that you should check prospective passwords against a dictionary of known commonly-used and/or compromised values (those collected from breaches) and tell the user to pick another one if there is a match. You might consider doing that here. I can contribute a set of 3.1 million >=8 character passwords if that will help :)
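
The check described in the comment above, sketched as an added example (not code from this pull request or the project): no composition rules, a length floor, and a lookup against a blocklist of common or breached passwords. The class name, `MIN_LENGTH = 8`, the case-insensitive comparison, and the sample entries are assumptions made for illustration.

```ruby
require 'set'

# Added example: length floor plus blocklist lookup, no composition rules.
class PasswordPolicy
  MIN_LENGTH = 8 # assumption: matches the >=8 character list mentioned above

  Result = Struct.new(:ok, :reason)

  # blocklist: any enumerable of known common or breached passwords,
  # for example the lines of a word list file.
  def initialize(blocklist)
    @blocked = Set.new
    blocklist.each do |entry|
      key = normalize(entry.to_s.chomp)
      # Entries below the floor are rejected by length anyway, so skip them.
      @blocked << key if key.length >= MIN_LENGTH
    end
  end

  # Returns a Result; reason is :too_short, :blocklisted, or nil when ok.
  def check(password)
    candidate = password.to_s.unicode_normalize(:nfkc)
    return Result.new(false, :too_short) if candidate.length < MIN_LENGTH
    return Result.new(false, :blocklisted) if @blocked.include?(normalize(candidate))

    Result.new(true, nil)
  end

  private

  # Assumption: compare case-insensitively after NFKC, so "PASSWORD1!" and
  # full-width look-alikes hit the same entry as "password1!".
  def normalize(str)
    str.unicode_normalize(:nfkc).downcase
  end
end

# Constructed sample entries standing in for a real breach corpus.
SAMPLE_BLOCKLIST = ['password', 'Password1!', 'qwertyuiop', 'letmein', 'iloveyou1'].freeze
POLICY = PasswordPolicy.new(SAMPLE_BLOCKLIST)
```

A rejected candidate should produce the "pick another one" message the comment describes rather than a hint about which rule to satisfy.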

@brendansudol brendansudol force-pushed the update-pw-rules branch 2 times, most recently from 7f8f08e to 1ccbd68 Compare May 26, 2016 15:21
@monfresh
Contributor

LGTM

@monfresh monfresh merged commit b2106c0 into master May 26, 2016
@monfresh monfresh deleted the update-pw-rules branch May 26, 2016 15:58
@monfresh monfresh added this to the Sprint 6 milestone May 26, 2016
zachmargolis pushed a commit that referenced this pull request Sep 20, 2024
Include namespace bug fix for all validations