Type: Feature Request
Resolution: Won't Fix
Affects Version/s: None
Fix Version/s: None
This was raised on the dev list, that users can create weak passwords, ie 'a'.
I propose an addition to the User Account page (or API even) that performs a check on the entered password to check it for 'strength', ie upper and lower case, numbers, symbols, etc and provide feedback. We could even go a step further with a sakai property that an institution could set that only allows passwords above a given measured strength to be allowed.
a= strength 0, not allowed
abc123 = strength 2, not allowed
Abc_123! = strength 4, ok.
Example of password strength checker: http://www.passwordmeter.com/