configure password complexity

I want to

a) enforce custom minimum password complexity requirements

b) enable zero length passwords

Ideally, password complexity requirement would be linked to group membership.

I understand that using external authentication would allow this however the application is for a site which would not otherwise require a directory service and many users would be external to the host organisation. And additionally, internal users WILL be configured for auth in MS AD.

1 answer

1 accepted

Accepted Answer
0 votes

Hello Nic,

It looks like this question has been asked a couple times on Answer before.

https://answers.atlassian.com/questions/19518/password-complexity-within-confluence

https://answers.atlassian.com/questions/8838/how-to-force-users-to-use-strong-password

Both of these cases cite an old Adaptavist Plugin (User Security Management) that I am no able to locate any longer.

I went ahead and filed the following feature request on your behalf.

https://jira.atlassian.com/browse/CONF-27986

Please go ahead and vist this issue and vote on it. The more visitbility we can garner for this issue means the more likely our developers are to include it in a future release of Confluence. I have attached this post to further incease it's visibility.

Thanks Daniel. I too found the Adaptivist links, but nothing at Adaptivist site now refers. I think that there are two distinct issues here and your proposed feature request addresses one of them; the other is documentation - i.e. I can't find anywhere a description of what the current system actually requires in terms of password complexity, and I suggest that along side that missing documentation should be the statement that currently there is no way to configure any variation in that policy.

Assuming that is a correct statement, I'm happy to close the query?

nic

Nic,

There is currently no complexity requirement for Confluence. If this feature is implemented we will need to document how to set and enforce this requirement. I will add a private comment about making sure we document this functionality once it is relased.

Wasn't sure what you meant by 'no complexity requirement'. But by experiment I discover that even a single character is allowed! But not null. That is what I mean by the complexity requirement. Though it is certainly minimal!

thanks and signing off

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted Oct 11, 2018 in Confluence

What are your project planning tips?

Hello Community,  Jessica here from the Confluence product marketing team! Today I wanted to get your takes on project planning –– what works, what doesn’t, how do you know if you’re doing it r...

320 views 1 4
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you