Setting password policy for Wt::Auth
Added by Edwin Bentley over 10 years ago
I may be missing something, but I was expecting that within Wt::Auth::PasswordService or Wt::Auth::PasswordStrengthValidator there would be a way to set what I want the password policy to be e.g. must contain letters, numbers and special characters with a minimum length of 8. Is this expected, and if so how would I go about doing this myself?
Replies (1)
RE: Setting password policy for Wt::Auth - Added by Alex V over 10 years ago
Hi Edwin,
I'm not sure if this is what you're after but in Wt::Auth::PasswordStrengthValidator there is the setMinimumLength() function which can be used to set a minimum password strength.
the different classes of passwords are listed in the documentation.
validator->setMinimumPassPhraseWords(Wt::Auth::PasswordStrengthValidator::Disabled);
validator->setMinimumLength(Wt::Auth::PasswordStrengthValidator::OneCharClass, Wt::Auth::PasswordStrengthValidator::Disabled);
validator->setMinimumLength(Wt::Auth::PasswordStrengthValidator::TwoCharClass, Wt::Auth::PasswordStrengthValidator::Disabled);
validator->setMinimumLength(Wt::Auth::PasswordStrengthValidator::ThreeCharClass, Wt::Auth::PasswordStrengthValidator::Disabled);
validator->setMinimumLength(Wt::Auth::PasswordStrengthValidator::FourCharClass, 8);
which would require that passwords have at least 4 of the 5 classes
- lower case letters
- upper case letters
- numbers
- other ascii characters
- unknowns (i.e. multi-byte UTF-8 sequences)
and be a minimum length of 8 characters