password_complexity.rdoc

doc/password_complexity.rdoc
Last Update: 2020-03-26 13:10:17 -0700

Documentation for Password Complexity Feature

The password complexity feature implements more sophisticated password complexity checks. It is not recommended to use this feature unless you have a policy that requires it, as users that would not choose a good password in the absense of password complexity requirements are unlikely to choose a good password if you have password complexity requirements.

Checks:

  • Contains characters in multiple character groups, by default at least 3 of uppercase letters, lowercase letters, numbers, and everything else, unless the password is over 11 characters.

  • Does not contain any invalid patterns, by default patterns like qwerty, azerty, asdf, zxcv, or number sequences such as 123.

  • Does not contain a certain number of repeating characters, by default 3.

  • Is not a dictionary word, after stripping off numbers from the prefix and suffix and replacing some common numbers/symbols often substituted for letters, catching things like P@$$w0rd1.

Auth Value Methods

password_character_groups

An array of regular expressions representing different character groups.

password_dictionary

A Array/Hash/Set containing dictionary words, which cannot match the password.

password_dictionary_file

A file containing dictionary words, which will not be allowed. By default, /usr/share/dict/words if present. Set to false to not use a password dictionary. Note that this is only used during initialization, and cannot refer to request-specific state, unlike most other settings.

password_in_dictionary_message

The error message fragment to show if the password is derived from a word in a dictionary.

password_invalid_pattern

A regexp where any match is considered an invalid password. For multiple sequences, use Regexp.union.

password_invalid_pattern_message

The error message fragment to show if the password matches the invalid pattern.

password_max_length_for_groups_check

The number of characters above which to skip the checks for character groups.

password_max_repeating_characters

The maximum number of repeating characters allowed.

password_min_groups

The minimum number of character groups the password has to contain if it is less than password_max_length_for_groups_check characters.

password_not_enough_character_groups_message

The error message fragment to show if the password does not contain characters from enough character groups.

password_too_many_repeating_characters_message

The error message fragment to show if the password contains too many repeating characters.