Minimum Password Length
Mod Version: 1.0.2, by Eric (Coder/Designer)
Developer Last Online: Jul 2019

vB Version: 4.x.x Rating: (11 votes - 4.55 average) Installs: 56
Released: 31 May 2011 Last Update: 05 Jul 2011 Downloads: 299
Not Supported Uses Plugins Auto-Template Re-usable Code Translations

What is this?
This mod will allow you to force user passwords to be at least a certain length.


Features
  • Force minimum length on:
    • Registration
    • Edit Password
    • Reset Password

I've only tested this mod on vB 4.1.4/4.1.5 (alpha). It should work with previous versions, however I am not sure. If it works for you on an older version, let me know.


Installation
1. Download the `product-password_minlength.xml` file. (* may differ in name based on version)
2. Enter your AdminCP and go to Plugins & Products > Manage Products > [Add/Import Product]
3. Import the product using the `product-password_minlength.xml` file. (* may differ in name based on version)
4. Configure the mod in AdminCP -> Settings -> Options -> User Registration Options


Upgrading
In many cases, all you'll need to do to upgrade is follow the installation instructions above, but set "Allow Overwrite" to "Yes".


Changelog
Version 1.0.2, 07/05/2011
  • Changed the "Check Method" choice from a drop down to radio buttons (Boofo)
  • Changed how the "UserId" "Check Method" works - it now is used for excluding User IDs
  • Fixed a bug in the plugin for updating profile - was not checking if a new password had been entered.

Version 1.0.1, 06/07/2011
  • Introduced three new options and one new plugin.
  • The new options are based around a "Check Method". You can choose to enforce the min. password length by userid, usergroup, or 'none' (all).

Version 1.0.0, 05/31/2011
  • Initial release.
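
A sketch of the "Check Method" logic the changelog describes, as an added example that is not the mod's own code: the function names, parameters and sample accounts are hypothetical. It also covers the case fixed in 1.0.2, where a profile update with no new password entered must skip the length check.

```php
<?php
// Added illustration; names here are hypothetical, not taken from the mod.

/**
 * Decide whether the minimum-length rule applies to this account.
 * $method: 'none' (everyone), 'usergroup' (listed groups only),
 *          'userid' (everyone except the listed user IDs, as in 1.0.2).
 */
function minlen_applies(string $method, int $userId, array $groupIds, array $list): bool
{
    switch ($method) {
        case 'usergroup':
            return count(array_intersect($groupIds, $list)) > 0;
        case 'userid':
            return !in_array($userId, $list, true);
        case 'none':
        default:
            return true; // unknown setting: fail closed and enforce
    }
}

/**
 * Returns null when the password is acceptable, otherwise an error message.
 * $context is 'register', 'edit' or 'reset'.
 */
function check_min_length(string $context, ?string $newPassword, int $minLength,
                          string $method, int $userId, array $groupIds, array $list): ?string
{
    // Profile update without a password change: nothing to validate.
    if ($context === 'edit' && ($newPassword === null || $newPassword === '')) {
        return null;
    }
    if (!minlen_applies($method, $userId, $groupIds, $list)) {
        return null;
    }
    // Count characters, not bytes, when the mbstring extension is available.
    $password = (string) $newPassword;
    $length = function_exists('mb_strlen') ? mb_strlen($password, 'UTF-8') : strlen($password);
    return $length >= $minLength ? null : "Password must be at least $minLength characters.";
}

// Constructed sample accounts: staff user 1 in group 6, member 42 in group 2.
var_dump(check_min_length('edit', 'short', 10, 'usergroup', 1, [6], [5, 6, 7]));  // staff, enforced
var_dump(check_min_length('edit', 'short', 10, 'usergroup', 42, [2], [5, 6, 7])); // member, not targeted
var_dump(check_min_length('edit', '', 10, 'none', 42, [2], []));                  // no new password
var_dump(check_min_length('reset', 'short', 10, 'userid', 1, [6], [1]));          // excluded user ID
```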

#16
04 Jun 2011, 16:53
Eric
Join Date: May 2006
Real name: Eric
Originally Posted by BirdOPrey5 View Post
I suggest if possible add a feature to this mod to enforce minimum lengths on mod and admin accounts only.

Honestly it is extremely unlikely I would join a forum requiring me to have a password over 6 to 8 characters.

Because... unless I'm a mod or admin, it's JUST a forum. NO ONE cares about my account and I care even less. So what someone cracks my password? Very unlikely on vBulletin where you can't brute-force your way in because it will lock you out after a few bad tries... I'm not going to jump through hoops to join a forum unless they are the only forum in their niche- and I know most admins can't claim that.

Just my opinion.
I would disagree, actually. I think every member should have as secure a password as possible. These days when you have things like KeePass, etc - and browsers that will save the password... what is an extra 2-3 characters? Besides, the limit in this mod is configurable.

I may add a usergroup option though, we'll see.
__________________
My modifications

Please do not contact me for support via PM or E-Mail unless I've asked you to do so. Otherwise, your message will be ignored/deleted.

#17
04 Jun 2011, 17:01
Boofo
Join Date: Mar 2002
Real name: Rob
Originally Posted by Eric View Post
I would disagree, actually. I think every member should have as secure a password as possible. These days when you have things like KeePass, etc - and browsers that will save the password... what is an extra 2-3 characters? Besides, the limit in this mod is configurable.

I may add a usergroup option though, we'll see.
I think a userid option would be better.

#18
04 Jun 2011, 17:24
BirdOPrey5
Join Date: Jun 2008
Real name: Joe D.
Well obviously it's your mod... I'm just saying I think putting a 10 or 14 character minimum on regular user accounts on most forums is like putting a bank vault door on an empty shed in a rural area... Yeah it's more protection, but for what?

You have to balance security vs. the user experience and most forums don't need this type of security on their standard accounts. Admins need to realize IMO most of their sites aren't all that important in the scheme of things. If it was a bank account or medical history then yeah, by all means, enforce strong passwords... but a forum to talk about cars or art or video games? I'd be more concerned about frustrating new and existing members with password requirements far surpassing any bank account I've ever used and having them stop coming.

I use KeePass myself but I'm not going to go through the effort of making a new entry for every single forum I'm a member of. LOL.

Anyway, my suggestion is an option to enforce for mods and admins only... all other opinions aside.
__________________
-Joe
Former vBulletin.org Staff Member

(@BirdOPrey5) Former vb.org Moderator. Fighting for a free & independent vb.org.
BirdOPrey5.com - Exclusive VB Mods! (Formerly Qapla.com) | Joe's Ultimate Off Topic
Note - I do not read my PMs often, do not expect quick replies.

#19
04 Jun 2011, 18:58
jgt58
Join Date: May 2010
Originally Posted by Boofo View Post
I think a userid option would be better.
This would be great if you could enforce this on a usergroup basis and not the regular members
__________________
www.elitestangs.com
www.importnation.org
Awesome Skins!
Bluepearl Skins

#20
04 Jun 2011, 19:13
Boofo
Join Date: Mar 2002
Real name: Rob
Originally Posted by jgt58 View Post
This would be great if you could enforce this on a usergroup basis and not the regular members
That makes absolutely no sense. Why even use it then?

#21
04 Jun 2011, 19:14
Boofo
Join Date: Mar 2002
Real name: Rob
Originally Posted by BirdOPrey5 View Post
Well obviously it's your mod... I'm just saying I think putting a 10 or 14 character minimum on regular user accounts on most forums is like putting a bank vault door on an empty shed in a rural area... Yeah it's more protection, but for what?

You have to balance security vs. the user experience and most forums don't need this type of security on their standard accounts. Admins need to realize IMO most of their sites aren't all that important in the scheme of things. If it was a bank account or medical history then yeah, by all means, enforce strong passwords... but a forum to talk about cars or art or video games? I'd be more concerned about frustrating new and existing members with password requirements far surpassing any bank account I've ever used and having them stop coming.

I use KeePass myself but I'm not going to go through the effort of making a new entry for every single forum I'm a member of. LOL.

Anyway, my suggestion is an option to enforce for mods and admins only... all other opinions aside.
Not everyone feels their forums' or members' security is as unimportant as you feel it is.

#22
04 Jun 2011, 23:35
BirdOPrey5
Join Date: Jun 2008
Real name: Joe D.
Originally Posted by Boofo View Post
That makes absolutely no sense. Why even use it then?
Because regular users have "no powers." If someone hacked a regular user account worst thing they could do is post as them... So what if that happens?

Mod and Admin accounts however need to be protected for the security of the forum and the protection of member's private info.

#23
07 Jun 2011, 19:35
Eric
Join Date: May 2006
Real name: Eric
Version 1.0.1, 06/07/2011
  • Introduced three new options and one new plugin.
  • The new options are based around a "Check Method". You can choose to enforce the min. password length by userid, usergroup, or 'none' (all).

#24
08 Jun 2011, 02:27
Boofo
Join Date: Mar 2002
Real name: Rob
Thanks for the update. The only thing I would suggest is changing the "Minimum Password Length: Check Method" option to radio:piped instead of select:piped. And I would have excluded userids instead of including them.

Last edited by Boofo; 08 Jun 2011 at 02:34.

#25
08 Jun 2011, 23:19
Eric
Join Date: May 2006
Real name: Eric
Originally Posted by Boofo View Post
Thanks for the update. The only thing I would suggest is changing the "Minimum Password Length: Check Method" option to radio:piped instead of select:piped. And I would have excluded userids instead of including them.
Why change to the radio:piped?

And for the userids, that is what I had initially and tbh, don't even remember why I thought it should be changed - would not take much to change it back.

#26
08 Jun 2011, 23:55
Boofo
Join Date: Mar 2002
Real name: Rob
Originally Posted by Eric View Post
Why change to the radio:piped?
A coding preference, I guess, as well as it shows all options instead of having to scroll through a drop-down box.

Originally Posted by Eric View Post
And for the userids, that is what I had initially and tbh, don't even remember why I thought it should be changed - would not take much to change it back.
I was wondering if maybe it was a simple mistake on your end.

#27
09 Jun 2011, 23:53
jgt58
Join Date: May 2010
Originally Posted by Boofo View Post
That makes absolutely no sense. Why even use it then?
Because to enforce staff having a more secure password than the normal users. Extra security is really not needed for normal users. If they are concerned about that, they will have a strong password. I WANT my staff to have a secure password, but there is no way to enforce that. This would be perfect with tweaks.

So yes, it does make sense :-)

#28
10 Jun 2011, 02:36
Boofo
Join Date: Mar 2002
Real name: Rob
To you, maybe. I think my users are just as important as the staff and therefore should be given the same concern. Having their accounts hacked could be just as disastrous, if not more so, than any staff members.

#29
10 Jun 2011, 05:03
just.b.jealous
Join Date: Sep 2009
You should require it for admins/moderators and not regular users, trust me - they dislike it. But then again, any secure-minded admin already has a long enough, difficult to guess password. Had this installed but users couldn't actually register - they all kept getting a "password doesn't contain required amount of characters, please try again" error, or something to that effect. Ended up having to disable it for the time being.

#30
10 Jun 2011, 07:13
Eric
Join Date: May 2006
Real name: Eric
Originally Posted by just.b.jealous View Post
You should require it for admins/moderators and not regular users, trust me - they dislike it. But then again, any secure-minded admin already has a long enough, difficult to guess password. Had this installed but users couldn't actually register - they all kept getting a "password doesn't contain required amount of characters, please try again" error, or something to that effect. Ended up having to disable it for the time being.
I've tested this mod several times across 4.1.3 and 4.1.4 - works fine. You sure they actually were meeting the requirement?