Hi all,

I have some problems for using limesurvey in specific environments which required more security around the authentication.


My questions are:

Is it possible to force the length of the password?

is it possible to determine a minimum complexity with mandatory digit and uppercase use?

Is it possible to have a retention of the use of the last 4 passwords?

Is it possible that the password provided by email is only temporary and needs to be changed upon reconnection?

Thanks a lot.

You probably will need to "hack" the code or create a plugin.

But one thing: I always feel that systems that make that many demands for passwords are less secure for me. Because if I can't remember the password (and that is mostly the case when I can't create the password the way I want it) I need to note it down somewhere, making this another potential way of attack.

If you make it complicated, users will find a way that makes it less complicated for them and it is usually not a desirable way they find.

Just my two cents.

@holch : all my passwords * are randomly generated and saved in browser + keepass

Else : 4.0 have this new feature

* except : decrypt disk + computer session + browser crypt passwords

@holch : all my passwords * are randomly generated and saved in browser + keepass

When you only use one computer this works fine, but when you change devices frequently (work, home, tablet, phone, etc.)...

Nextcloud (on my server) + a keepass DB inside it

My keepassdb password is … … really really really long

My keepassdb password is … … really really really long

Hahahahahaha.

Thanks for your return Denis.


I just made a quick installation of the 4.0 RC1 and I see a new plugin "PasswordRequirement". It's almost perfect I do not see retention management Is an update planned at this level?

Is this plugin available in standalone and compatible with a limesurvey 3.x installation?

Thank you !