Plugin PasswordRequirement
From LimeSurvey Manual
Overzicht
De plugin PasswordRequirement is een essentiële beveiligingsplugin voor LimeSurvey waarmee beheerders een streng wachtwoordbeleid kunnen afdwingen. Het biedt configureerbare vereisten voor wachtwoordcomplexiteit op twee verschillende gebieden:
- Inloggen door beheerders: Wachtwoorden die door LimeSurvey-beheerders worden gebruikt
- Functie voor het opslaan van enquêtes: Wachtwoorden die worden gebruikt voor de functie "Opslaan en later verder gaan" voor deelnemers aan de enquête
Functies
De plugin hanteert de volgende aanpasbare wachtwoordvereisten:
- Minimale wachtwoordlengte - Definieer het minimale aantal verplichte tekens
- Vereiste cijfers - Verplicht ten minste één cijfer (0-9)
- Vereiste hoofdletters - Verplicht ten minste één hoofdletter (A-Z)
- Vereiste speciale tekens - Verplicht ten minste één speciaal teken (!@#$%&..., enz.)
Elke vereiste kan onafhankelijk worden in- of uitgeschakeld per wachtwoordtype (inloggen beheerder, opslaan van enquêtes).
Configuratie
Instellingen Plugin openen
- Log in bij LimeSurvey als superbeheerder
- Ga naar Administratie → Plugins
- Zoek PasswordRequirement in de lijst met kern-plugins
- Klik op de knop Instellingen (tandwielpictogram) naast de naam van de plugin
Instellingen inloggen beheerders
In dit gedeelte worden de wachtwoordvereisten voor beheerdersaccounts geregeld.
- Minimaal één cijfer verplichten (Standaard Ja)
- Indien ingeschakeld, moeten beheerderswachtwoorden minimaal één cijfer (0-9) bevatten. Voorbeeld:
MyPass123word
- Require at least one uppercase character (Default 'Yes')
- When enabled, administrator passwords must contain at least one uppercase letter (A-Z). Example:
MyPassword123
- Require at least one special character (Default 'No')
- When enabled, administrator passwords must contain at least one special character from the set:
-=!@#$%&*_+,.?;:Example:MyPassword@123
- Minimum password length (Default '12' characters)
- Specifies the minimum number of characters required for administrator passwords. If left blank, defaults to 12 characters. Example: Setting to 16 requires passwords of at least 16 characters.
Survey Save Feature Settings
This section controls password requirements for the "Save and return later" feature used by survey respondents.
- Check password when saving survey (Default 'No')
- When disabled, no password requirements are enforced for survey save functionality. When enabled, all configured requirements below are checked.
- Require at least one digit (Default 'No')
- When enabled (and survey save checking is active), survey save passwords must contain at least one number.
- Require at least one uppercase character (Default 'No')
- When enabled (and survey save checking is active), survey save passwords must contain at least one uppercase letter.
- Require at least one special character (Default 'No')
- When enabled (and survey save checking is active), survey save passwords must contain at least one special character.
- Minimum password length (Default 8 characters)
- Specifies the minimum number of characters required for survey save passwords. If left blank, defaults to 8 characters.
Default Settings
The plugin comes with the following default configuration:
| Setting | Default Value |
|---|---|
| Admin: Require digit | Yes |
| Admin: Require uppercase | Yes |
| Admin: Require special character | No |
| Admin: Minimum length | 12 characters |
| Survey save: Check password | No |
| Survey save: Require digit | No |
| Survey save: Require uppercase | No |
| Survey save: Require special character | No |
| Survey save: Minimum length | 8 characters |
User Experience
Password Validation
When a user attempts to set a password that does not meet the configured requirements:
- The system displays clear error messages describing which requirements are not met
- Users are provided with specific feedback about what is missing (e.g., "Password must contain at least one uppercase letter")
- The password is rejected and must be re-entered with corrections
Security Recommendations
For enhanced security, LimeSurvey recommends:
- For administrators: Enable all requirements (digits, uppercase, special characters) with a minimum length of 12-16 characters
- For survey participants: Enable at minimum length validation (8+ characters). Additional requirements may hinder survey completion
Password Generation
When the plugin is active, the system may automatically generate passwords that comply with the configured requirements when:
- Creating new administrator accounts
- Resetting administrator passwords
Generated passwords will include all required character types and respect the minimum length setting.
Compatibility
- LimeSurvey versions: 4.0+, 5.0+, 6.0+, 7.0+
- Plugin version: 1.1.0
- License: GNU General Public License version 2 or later
- Author: LimeSurvey GmbH
FAQ
- What special characters are allowed?
- The following characters are considered special:
-=!@#$%&*_+,.?;:
- Can I set different requirements for different admin users?
- No, the requirements apply globally to all administrator accounts.
- What happens if I disable the plugin?
- Password requirements will no longer be enforced. Existing passwords remain unchanged, but new passwords can be set without meeting the requirements.
- Can I set the minimum length to 0?
- Yes, but it's not recommended for security reasons. The system will accept empty passwords if all other requirements are disabled.
- Does the plugin enforce password changes for existing users?
- No, the requirements apply only to new passwords or password resets. Existing passwords are not affected.
- How long can passwords be?
- There is no upper limit on password length enforced by this plugin.