- Posts: 11
- Thank you received: 1
Welcome to the LimeSurvey Community Forum
Ask the community, share ideas, and connect with other LimeSurvey users!
Strong authentication
- jeremyp
- Topic Author
- Offline
- New Member
Less
More
4 years 8 months ago #186855
by jeremyp
Strong authentication was created by jeremyp
Hi all,
I have some problems for using limesurvey in specific environments which required more security around the authentication.
My questions are:
Is it possible to force the length of the password?
is it possible to determine a minimum complexity with mandatory digit and uppercase use?
Is it possible to have a retention of the use of the last 4 passwords?
Is it possible that the password provided by email is only temporary and needs to be changed upon reconnection?
Thanks a lot.
I have some problems for using limesurvey in specific environments which required more security around the authentication.
My questions are:
Is it possible to force the length of the password?
is it possible to determine a minimum complexity with mandatory digit and uppercase use?
Is it possible to have a retention of the use of the last 4 passwords?
Is it possible that the password provided by email is only temporary and needs to be changed upon reconnection?
Thanks a lot.
The topic has been locked.
- holch
- Offline
- LimeSurvey Community Team
Less
More
- Posts: 11639
- Thank you received: 2737
4 years 8 months ago #186876
by holch
I answer at the LimeSurvey forum in my spare time, I'm not a LimeSurvey GmbH employee.
No support via private message.
Replied by holch on topic Strong authentication
You probably will need to "hack" the code or create a plugin.
But one thing: I always feel that systems that make that many demands for passwords are less secure for me. Because if I can't remember the password (and that is mostly the case when I can't create the password the way I want it) I need to note it down somewhere, making this another potential way of attack.
If you make it complicated, users will find a way that makes it less complicated for them and it is usually not a desirable way they find.
Just my two cents.
But one thing: I always feel that systems that make that many demands for passwords are less secure for me. Because if I can't remember the password (and that is mostly the case when I can't create the password the way I want it) I need to note it down somewhere, making this another potential way of attack.
If you make it complicated, users will find a way that makes it less complicated for them and it is usually not a desirable way they find.
Just my two cents.
I answer at the LimeSurvey forum in my spare time, I'm not a LimeSurvey GmbH employee.
No support via private message.
The topic has been locked.
- DenisChenu
- Offline
- LimeSurvey Community Team
Less
More
- Posts: 13597
- Thank you received: 2487
4 years 8 months ago #186879
by DenisChenu
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development .
I don't answer to private message.
Replied by DenisChenu on topic Strong authentication
@holch : all my passwords * are randomly generated and saved in browser + keepass
Else : 4.0 have this new feature
* except : decrypt disk + computer session + browser crypt passwords
Else : 4.0 have this new feature
* except : decrypt disk + computer session + browser crypt passwords
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development .
I don't answer to private message.
The topic has been locked.
- holch
- Offline
- LimeSurvey Community Team
Less
More
- Posts: 11639
- Thank you received: 2737
4 years 8 months ago #186880
by holch
When you only use one computer this works fine, but when you change devices frequently (work, home, tablet, phone, etc.)...
I answer at the LimeSurvey forum in my spare time, I'm not a LimeSurvey GmbH employee.
No support via private message.
Replied by holch on topic Strong authentication
@holch : all my passwords * are randomly generated and saved in browser + keepass
When you only use one computer this works fine, but when you change devices frequently (work, home, tablet, phone, etc.)...
I answer at the LimeSurvey forum in my spare time, I'm not a LimeSurvey GmbH employee.
No support via private message.
The topic has been locked.
- DenisChenu
- Offline
- LimeSurvey Community Team
Less
More
- Posts: 13597
- Thank you received: 2487
4 years 8 months ago #186881
by DenisChenu
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development .
I don't answer to private message.
Replied by DenisChenu on topic Strong authentication
Nextcloud (on my server) + a keepass DB inside it
My keepassdb password is … … really really really long
My keepassdb password is … … really really really long
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development .
I don't answer to private message.
The topic has been locked.
- holch
- Offline
- LimeSurvey Community Team
Less
More
- Posts: 11639
- Thank you received: 2737
4 years 8 months ago #186884
by holch
Hahahahahaha.
I answer at the LimeSurvey forum in my spare time, I'm not a LimeSurvey GmbH employee.
No support via private message.
Replied by holch on topic Strong authentication
My keepassdb password is … … really really really long
Hahahahahaha.
I answer at the LimeSurvey forum in my spare time, I'm not a LimeSurvey GmbH employee.
No support via private message.
The topic has been locked.
- jeremyp
- Topic Author
- Offline
- New Member
Less
More
- Posts: 11
- Thank you received: 1
4 years 8 months ago #186893
by jeremyp
Replied by jeremyp on topic Strong authentication
Thanks for your return Denis.
I just made a quick installation of the 4.0 RC1 and I see a new plugin "PasswordRequirement". It's almost perfect I do not see retention management Is an update planned at this level?
Is this plugin available in standalone and compatible with a limesurvey 3.x installation?
Thank you !
I just made a quick installation of the 4.0 RC1 and I see a new plugin "PasswordRequirement". It's almost perfect I do not see retention management Is an update planned at this level?
Is this plugin available in standalone and compatible with a limesurvey 3.x installation?
Thank you !
The topic has been locked.