Project

General

Profile

Setting password policy for Wt::Auth

Added by Edwin Bentley over 9 years ago

I may be missing something, but I was expecting that within Wt::Auth::PasswordService or Wt::Auth::PasswordStrengthValidator there would be a way to set what I want the password policy to be e.g. must contain letters, numbers and special characters with a minimum length of 8. Is this expected, and if so how would I go about doing this myself?


Replies (1)

RE: Setting password policy for Wt::Auth - Added by Alex V over 9 years ago

Hi Edwin,

I'm not sure if this is what you're after but in Wt::Auth::PasswordStrengthValidator there is the setMinimumLength() function which can be used to set a minimum password strength.

the different classes of passwords are listed in the documentation.

validator->setMinimumPassPhraseWords(Wt::Auth::PasswordStrengthValidator::Disabled);

validator->setMinimumLength(Wt::Auth::PasswordStrengthValidator::OneCharClass, Wt::Auth::PasswordStrengthValidator::Disabled);

validator->setMinimumLength(Wt::Auth::PasswordStrengthValidator::TwoCharClass, Wt::Auth::PasswordStrengthValidator::Disabled);

validator->setMinimumLength(Wt::Auth::PasswordStrengthValidator::ThreeCharClass, Wt::Auth::PasswordStrengthValidator::Disabled);

validator->setMinimumLength(Wt::Auth::PasswordStrengthValidator::FourCharClass, 8);

which would require that passwords have at least 4 of the 5 classes

  • lower case letters
  • upper case letters
  • numbers
  • other ascii characters
  • unknowns (i.e. multi-byte UTF-8 sequences)

and be a minimum length of 8 characters

    (1-1/1)