Documentation for Password Complexity Feature¶ ↑
The password complexity feature implements more sophisticated password complexity checks. It is not recommended to use this feature unless you have a policy that requires it, as users that would not choose a good password in the absense of password complexity requirements are unlikely to choose a good password if you have password complexity requirements.
Checks:
-
Contains characters in multiple character groups, by default at least 3 of uppercase letters, lowercase letters, numbers, and everything else, unless the password is over 11 characters.
-
Does not contain any invalid patterns, by default patterns like
qwerty
,azerty
,asdf
,zxcv
, or number sequences such as123
. -
Does not contain a certain number of repeating characters, by default 3.
-
Is not a dictionary word, after stripping off numbers from the prefix and suffix and replacing some common numbers/symbols often substituted for letters, catching things like
P@$$w0rd1
.
Auth Value Methods¶ ↑
- password_character_groups
-
An array of regular expressions representing different character groups.
- password_dictionary
-
A Array/Hash/Set containing dictionary words, which cannot match the password.
- password_dictionary_file
-
A file containing dictionary words, which will not be allowed. By default,
/usr/share/dict/words
if present. Set to false to not use a password dictionary. Note that this is only used during initialization, and cannot refer to request-specific state, unlike most other settings. - password_in_dictionary_message
-
The error message fragment to show if the password is derived from a word in a dictionary.
- password_invalid_pattern
-
A regexp where any match is considered an invalid password. For multiple sequences, use
Regexp.union
. - password_invalid_pattern_message
-
The error message fragment to show if the password matches the invalid pattern.
- password_max_length_for_groups_check
-
The number of characters above which to skip the checks for character groups.
- password_max_repeating_characters
-
The maximum number of repeating characters allowed.
- password_min_groups
-
The minimum number of character groups the password has to contain if it is less than
password_max_length_for_groups_check
characters. - password_not_enough_character_groups_message
-
The error message fragment to show if the password does not contain characters from enough character groups.
- password_too_many_repeating_characters_message
-
The error message fragment to show if the password contains too many repeating characters.