Strengthening Passwords

[1resu]

It would be nice if an admin can set the mininmal lenght for user passwords. Also RainLoop could check for the strenght of a password. As far as I can see RainLoop currently only accepts password with characters regardless how safe the password is.

btw: thanks for this great software!

[RainLoop]

Admin does not create users in the RainLoop? Rainloop uses IMAP to check user authentication. So you should check password strength when you create your users on mail server.

[1resu]

You're right. But wha about the password changing plugins?

[RainLoop]

You're right. But wha about the password changing plugins?

RainLoop check password weakness in this case.

https://github.com/RainLoop/rainloop-webmail/blob/master/rainloop/v/0.0.0/app/libraries/RainLoop/Providers/ChangePassword.php#L72

https://github.com/RainLoop/rainloop-webmail/blob/master/rainloop/v/0.0.0/app/libraries/MailSo/Base/Utils.php#L2511

[1resu]

Thank's for the hint. It would be nice to have the possibility to change this (lenght, strenght defined by a combination of letters and numbers etc.) by the config file.

[RainLoop]

Maybe you're right, but I don't like alot of configuration parameters. :)

[1resu]

:)
I don't know if all backends (mysql, ldap,..,) support setting the password strenght. If so the backend should check for it else this configuration in RainLoop would make sense.
Feel free to close this report...