Questions tagged [password-policy]

76 questions
22 votes, 9 answers

What are the best rules to follow for what characters to allow in a password?

Without thinking about it at all I just want to say I should allow every character. It gets hashed in any case, and I don't want to limit people who want to create strong passwords. However, thinking about it more, there are plenty of characters…
Gene Roberts
9 votes, 2 answers

Password max length with bcrypt, blowfish

My question derives from this: "How to hash long passwords (>72 characters) with blowfish". I am using bcrypt (blowfish) to hash the passwords. So, as I found out from this…
7 votes, 4 answers

How to unlock user on ApacheDS

I set up an ApacheDS with the default password-policy enabled. For testing purposes I locked a simple User (objectClass=Person extended with some custom User-objectClass) by entering the wrong credentials a number of times. As I expected the user was…
Inceddy
6 votes, 1 answer

PBKDF2 with HMAC in Java

I am working on a Java project where I must ensure the confidentiality and integrity of users' passwords saved in a plaintext file. To do so, I will write only a hash of the password in the file. More specifically, my intention is to write the hash…
papafe
5 votes, 3 answers

MySQL validate_password_policy unknown system variable

I'm using MySQL 5.7.25 and I want to increase my MySQL password policy by doing this in the MySQL command line: SET GLOBAL validate_password_policy=2; But I always get an error: ERROR 1193 (HY000): Unknown system variable 'validate_password_policy' I…
blue
5 votes, 2 answers

Is there an existing algorithm in checking password strength? Or re-invent the wheel?

I've been thinking of developing an Android application which will tell the password strength of a user-entered password. In terms of checking password strength, I developed these 2 algorithms to check it. But I'm having second thoughts about using these…
user5279624
4 votes, 1 answer

Keycloak set password policy via Rest API

I would like to update/add password policy through Keycloak RestAPI. I went through the docs, but it looks like that I may only retrieve the list of password policy through APIs. Any other possible way so that I can handle the password policy…
Haizad Annuar
4 votes, 1 answer

How to activate "ppolicy" module in OpenLDAP?

I tried to activate the ppolicy module in OpenLDAP. OS Version : Debian 8.4 LDAP Version: @(#) $OpenLDAP: slapd (Jan 16 2016 23:00:08) $root@chimera: /tmp/buildd/openldap-2.4.40+dfsg/debian/build/servers/slap I get the following message: #…
Fandura
4 votes, 2 answers

How do I set a Group Policy's Password Policy in C#

I am trying to retrieve a group policy from a Windows Server 2008 Active Directory and change the minimum password age, maximum password age, and minimum password length in a C# application. Is there a way to do this? So far I have only found out…
4 votes, 3 answers

Password Policy in ASP.NET Profile (Membership)

In the change password page, we have this code. So if we want to change the Password Policy to "StrongPolicy", do we have a way, or is it by default? Also, can we change it to a weak policy? I read MSDN but couldn't find it. Membership mu ;…
Harry Sarshogh
2 votes, 2 answers

Keycloak expire password policy per user/group

I have an app where I have to force some group of users to reset passwords after some time, but not all of them. Is it possible to create a policy per user/group with an Expire password? I tried so many different ways to handle it in a different way…
Kolesar
2 votes, 1 answer

OPENLDAP: password policy overlap, how to assign to a specific OU

I need to set a password policy only for a specific OU, and it will be applied to all users that will be created/moved in this OU. I have OPENLDAP 2.4.44 installed on CentOS 7, and I configured it in this way (I used this guide:…
Marco Ferrara
2 votes, 1 answer

Exclude a user with realm-management role from keycloak's password policy

I have a user with Client Roles realm-management in a realm which contains a password policy. I want to exclude this user from the password policy since I use this user to do some operations (fetch the roles, get all the users) via the Java API and I don't…
Noa
2 votes, 2 answers

Keycloak Admin API - How to check if password fits the password policy

I am using Keycloak admin API to create a new user. How can I check that the given password indeed fits the realm password policy before creating the user? I am using the following code: Response response =…
Guy Hudara
2 votes, 1 answer

MessageDigest.digest() returning same hash for different strings having Norwegian character

I am calling the MessageDigest.digest() method to get the hash of the password. If the password contains a Norwegian character, e.g. 'ø', this method returns the same hash for different strings with a different last character. "Høstname1" and "Høstname2" have…
namang029