Versions Compared

Old Version 1

changes.mady.by.user Pavel Novák

Saved on

compared with

New Version Current

changes.mady.by.user Pavel Novák

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Minimum password length for administrators. The length is enforced when setting a new password or changing the existing one. For security reasons this cannot be set lower than 8 characters.

(default: 812)

Password must contain

By checking the required character groups (lowercase and uppercase, digits, symbols) it is possible to increase the complexity of used passwords. The following characters are considered as symbols: ! @ # $ % ^ & *. The character groups are checked when when setting a new password or changing the existing one.

(default: all uncheckedchecked)

Forbid leaked passwords usage

When enabled, ensures any new password must not be a part of a known password data breach. The "Have I Been Pwned (HIBP)" service is used to check this. The password is not sent anywhere for this check. Only a 5 character fragment of the SHA1 password hash is sent. For more information see: https://haveibeenpwned.com/API/v3#PwnedPasswords. This is checked when setting a new password or changing the existing one.

(default: disabledenabled)

Password rules for users

...

By checking the required character groups (lowercase and uppercase, digits, symbols) it is possible to increase the complexity of used passwords. The following characters are considered as symbols: ! @ # $ % ^ & *. The character groups are checked when when setting a new password or changing the existing one.

(default: all uncheckedchecked except symbols)

Forbid leaked passwords usage

When enabled, ensures any new password must not be a part of a known password data breach. The "Have I Been Pwned (HIBP)" service is used to check this. The password is not sent anywhere for this check. Only a 5 character fragment of the SHA1 password hash is sent. For more information see: https://haveibeenpwned.com/API/v3#PwnedPasswords . This is checked when setting a new password or changing the existing one.

(default: disabledenabled)

Password rules for packages

...

When enabled, ensures any new password must not be a part of a known password data breach. The "Have I Been Pwned (HIBP)" service is used to check this. The password is not sent anywhere for this check. Only a 5 character fragment of the SHA1 password hash is sent. For more information see: https://haveibeenpwned.com/API/v3#PwnedPasswords . This is checked when setting a new password or changing the existing one.

(default: disabledenabled)

Mandatory package password - not logged in user

...