[Improvement]: BSI compliant password standards #17053
Comments
I think this would be fine as it won't break anything. If you create a PR you should also consider the password generator 😊 Thanks in advance
This is not compatible with modern NIST guidelines. Appendix A1 contains a good explanation in that link as well.
And the person who came up with the recommendations which BSI's look a lot like is now recommending against them. NCSC also recommends against complexity rules:
Thanks a lot for reporting the issue. We did not consider the issue as "Pimcore:Priority", "Pimcore:ToDo" or "Pimcore:Backlog", so we're not going to work on that anytime soon. Please create a pull request to fix the issue if this is a bug report. We'll then review it as quickly as possible. If you're interested in contributing a feature, please contact us first here before creating a pull request. We'll then decide whether we'd accept it or not. Thanks for your understanding.
Improvement description
The German administration for security in information technology (BSI) recommends a higher password policy than Pimcore has at the moment.
BSI recommendations:
Short and more complex Passwords:
Longer and less complex Passwords:
BSI INFO PDF
Should we implement this in Pimcore?