Outdated forum password requirements

If you have any 'mechanical' forum or Joomla! sites related issues/suggestions with joomla.org, community.joomla.org, forum.joomla.org, vel.joomla.org.
Peter Boughton
Joomla! Apprentice
Posts: 5
Joined: Mon Aug 19, 2019 1:09 pm


Post by Peter Boughton » Mon Aug 19, 2019 1:42 pm

When registering on the forums just now, the password requirement was:

Password must be between 6 characters and 30 characters long, must contain letters in mixed case and must contain numbers.
Having an upper limit on length is usually a sign of them being stored incorrectly.

Requiring mixed case and numbers is merely security theatre - obviously "Password1" is completely insecure, yet it meets those requirements, whilst "£$*%&*(%$^^£$@*%^&^" was secure (before I posted it), but does not.

A better solution is a password strength meter like zxcvbn which provides a more meaningful measure of security (with optional feedback on detected weaknesses).
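The points raised in the post above, as an added Python illustration (not part of the original post and not phpBB code). `looks_guessable` is a deliberately crude stand-in for a strength meter and is not zxcvbn's algorithm; the word list, the 8-character floor, the PBKDF2 parameters and the passphrase sample are assumptions.

```python
import hashlib
import os
import string

# Constructed mini word list; a real meter such as zxcvbn ships large frequency lists.
COMMON = {"password", "letmein", "qwerty", "welcome", "joomla"}
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "@": "a", "$": "s", "5": "s"})

def forum_rule(pw: str) -> bool:
    """The composition rule quoted in the post: 6-30 characters, mixed case, a number."""
    return (6 <= len(pw) <= 30
            and any(c.islower() for c in pw)
            and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw))

def looks_guessable(pw: str) -> bool:
    """Crude stand-in for a strength meter: undo capitalisation, trailing
    digit/symbol padding and simple substitutions, then look the result up."""
    core = pw.lower().rstrip(string.digits + string.punctuation).translate(LEET)
    return len(pw) < 8 or core in COMMON  # 8 is an assumed floor

def stored_form(pw: str, salt: bytes) -> bytes:
    """Salted, iterated hash. The output is 32 bytes whatever the input length,
    so correct storage gives no reason for a 30-character cap."""
    return hashlib.pbkdf2_hmac("sha256", pw.encode("utf-8"), salt, 100_000)

def compare(samples):
    """Return (password, passes_forum_rule, looks_guessable, stored_length) rows."""
    salt = os.urandom(16)
    return [(pw, forum_rule(pw), looks_guessable(pw), len(stored_form(pw, salt)))
            for pw in samples]

SAMPLES = [
    "Password1",                                     # from the post
    "£$*%&*(%$^^£$@*%^&^",                           # from the post
    "correct horse battery staple plus more words",  # constructed, 44 characters
]

if __name__ == "__main__":
    for pw, rule_ok, guessable, size in compare(SAMPLES):
        print(f"{pw!r:50} rule={rule_ok!s:5} guessable={guessable!s:5} stored={size}B")
```
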

Joomla! Master
Posts: 11478
Joined: Thu Jul 17, 2008 3:10 pm
Location: Ireland

Re: Outdated forum password requirements

Post by ooffick » Tue Aug 20, 2019 6:15 am


I don't think it would be a big issue, but I have increased the upper limit to 100.

Even if we would implement a password strength meter, phpBB would still enforce an upper and lower limit.

Here is one of the extensions we could use:
https://www.phpbb.com/customise/db/exte ... _strength/

Kind regards
Olaf Offick - Global Moderator

