Plugin PasswordRequirement
From LimeSurvey Manual
Overview
The PasswordRequirement plugin is a core security plugin for LimeSurvey that allows administrators to enforce strong password policies. It provides configurable password complexity requirements for two distinct areas:
- Administration Login: Passwords used by LimeSurvey administrators
- Survey Save Feature: Passwords used in the "Save and return later" functionality for survey participants
Features
The plugin enforces the following customizable password requirements:
- Minimum Password Length - Define the minimum number of characters required
- Digit Requirement - Require at least one number (0-9)
- Uppercase Requirement - Require at least one uppercase letter (A-Z)
- Special Character Requirement - Require at least one special character (!@#$%&..., etc.)
Each requirement can be independently enabled or disabled per password type (admin login vs. survey save).
Configuration
Accessing Plugin Settings
- Log in to LimeSurvey as a super administrator
- Navigate to Administration → Plugins
- Find PasswordRequirement in the list of core plugins
- Click the Settings button (gear icon) next to the plugin name
Administration Login Settings
This section controls password requirements for administrator accounts.
- Require at least one digit (Default Yes)
- When enabled, administrator passwords must contain at least one number (0-9). Example:
MyPass123word
- Require at least one uppercase character (Default 'Yes')
- When enabled, administrator passwords must contain at least one uppercase letter (A-Z). Example:
MyPassword123
- Require at least one special character (Default 'No')
- When enabled, administrator passwords must contain at least one special character from the set:
-=!@#$%&*_+,.?;:Example:MyPassword@123
- Minimum password length (Default '12' characters)
- Specifies the minimum number of characters required for administrator passwords. If left blank, defaults to 12 characters. Example: Setting to 16 requires passwords of at least 16 characters.
Survey Save Feature Settings
This section controls password requirements for the "Save and return later" feature used by survey respondents.
- Check password when saving survey (Default 'No')
- When disabled, no password requirements are enforced for survey save functionality. When enabled, all configured requirements below are checked.
- Require at least one digit (Default 'No')
- When enabled (and survey save checking is active), survey save passwords must contain at least one number.
- Require at least one uppercase character (Default 'No')
- When enabled (and survey save checking is active), survey save passwords must contain at least one uppercase letter.
- Require at least one special character (Default 'No')
- When enabled (and survey save checking is active), survey save passwords must contain at least one special character.
- Minimum password length (Default 8 characters)
- Specifies the minimum number of characters required for survey save passwords. If left blank, defaults to 8 characters.
Default Settings
The plugin comes with the following default configuration:
| Setting | Default Value |
|---|---|
| Admin: Require digit | Yes |
| Admin: Require uppercase | Yes |
| Admin: Require special character | No |
| Admin: Minimum length | 12 characters |
| Survey save: Check password | No |
| Survey save: Require digit | No |
| Survey save: Require uppercase | No |
| Survey save: Require special character | No |
| Survey save: Minimum length | 8 characters |
User Experience
Password Validation
When a user attempts to set a password that does not meet the configured requirements:
- The system displays clear error messages describing which requirements are not met
- Users are provided with specific feedback about what is missing (e.g., "Password must contain at least one uppercase letter")
- The password is rejected and must be re-entered with corrections
Security Recommendations
For enhanced security, LimeSurvey recommends:
- For administrators: Enable all requirements (digits, uppercase, special characters) with a minimum length of 12-16 characters
- For survey participants: Enable at minimum length validation (8+ characters). Additional requirements may hinder survey completion
Password Generation
When the plugin is active, the system may automatically generate passwords that comply with the configured requirements when:
- Creating new administrator accounts
- Resetting administrator passwords
Generated passwords will include all required character types and respect the minimum length setting.
Compatibility
- LimeSurvey versions: 4.0+, 5.0+, 6.0+, 7.0+
- Plugin version: 1.1.0
- License: GNU General Public License version 2 or later
- Author: LimeSurvey GmbH
FAQ
- What special characters are allowed?
- The following characters are considered special:
-=!@#$%&*_+,.?;:
- Can I set different requirements for different admin users?
- No, the requirements apply globally to all administrator accounts.
- What happens if I disable the plugin?
- Password requirements will no longer be enforced. Existing passwords remain unchanged, but new passwords can be set without meeting the requirements.
- Can I set the minimum length to 0?
- Yes, but it's not recommended for security reasons. The system will accept empty passwords if all other requirements are disabled.
- Does the plugin enforce password changes for existing users?
- No, the requirements apply only to new passwords or password resets. Existing passwords are not affected.
- How long can passwords be?
- There is no upper limit on password length enforced by this plugin.