Bug 477495 - Allowing a password policy
Summary: Allowing a password policy
Status: CONFIRMED
Alias: None
Product: systemsettings
Classification: Applications
Component: kcm_users
Version First Reported In: 5.27.9
Platform: Manjaro Linux
Importance: NOR wishlist
Target Milestone: ---
Assignee: Plasma Bugs List
Reported: 2023-11-25 11:37 UTC by Alberto Salvia Novella
Modified: 2023-11-29 22:25 UTC

Description Alberto Salvia Novella 2023-11-25 11:37:23 UTC
Passwords are usually the weakest link in a system, security-wise.

So it would probably be a good idea if creating a user through System Settings warned when their password is weak or common.

This could be done through libpwquality. System Settings would just need to abide by the policy defined at "/etc/security/pwquality.conf".

Calamares already implements it like this:
- https://github.com/calamares/calamares/blob/calamares/src/modules/users/CheckPWQuality.h
- https://github.com/calamares/calamares/blob/calamares/src/modules/users/CheckPWQuality.cpp

And here's the manual:
- https://man.archlinux.org/man/pwquality.conf.5.en

And the settings that would meet NIST recommendations:
retry=10
minlen=9
maxrepeat=3
maxsequence=3
usersubstr=4
enforce_for_root
Comment 1 Alberto Salvia Novella 2023-11-25 11:38:35 UTC
Sorry:
retry=10 
minlen=8
maxrepeat=3
maxsequence=3
usersubstr=4
enforce_for_root
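
To show what the settings listed in Comment 1 constrain, here is an added Python sketch (not code from this report, Calamares or libpwquality) that parses those lines and applies simplified versions of the minlen, maxrepeat, maxsequence and usersubstr checks. The function names, the sample user name and passwords used with it, plain-length minlen (no credit settings) and case-insensitive substring matching are assumptions of the sketch; libpwquality itself runs further checks, such as dictionary lookups.

```python
from itertools import groupby

# Settings from Comment 1, embedded as constructed sample input (added illustration).
SAMPLE_CONF = """\
retry=10
minlen=8
maxrepeat=3
maxsequence=3
usersubstr=4
enforce_for_root
"""

def parse_conf(text):
    """Parse 'key = value' lines and bare flags; '#' starts a comment."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            key, sep, value = (p.strip() for p in line.partition("="))
            settings[key] = (int(value) if value.lstrip("-").isdigit() else value) if sep else True
    return settings

def longest_repeat(pw):
    """Length of the longest run of one repeated character ('aaaa' -> 4)."""
    return max((len(list(g)) for _, g in groupby(pw)), default=0)

def longest_sequence(pw):
    """Longest run stepping by +1 or -1 per character ('12345', 'fedcb')."""
    best = run = min(len(pw), 1)
    step = 0
    for a, b in zip(pw, pw[1:]):
        d = ord(b) - ord(a)
        run = 1 if d not in (1, -1) else run + 1 if d == step else 2
        step = d
        best = max(best, run)
    return best

def check(password, user, s):
    """Return the names of the settings the password violates (simplified)."""
    n, low = s.get("usersubstr", 0), password.lower()
    tests = {
        "minlen": len(password) < s.get("minlen", 8),  # plain length; credits assumed unset
        "maxrepeat": 0 < s.get("maxrepeat", 0) < longest_repeat(password),
        "maxsequence": 0 < s.get("maxsequence", 0) < longest_sequence(password),
        # Assumption: username substrings are matched case-insensitively.
        "usersubstr": n > 0 and any(user[i:i + n].lower() in low
                                    for i in range(len(user) - n + 1)),
    }
    return [name for name, bad in tests.items() if bad]
```

A settings dialog could map each returned name to a warning next to the password field; retry and enforce_for_root are parsed but only matter to the PAM module.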