Missed Team ’24? Catch up on announcements here.

×
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Is it possible to force a user to make strong password in JIRA 5.1?

preet kumar
preet kumar
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
January 21, 2013

Hi,

I would like that user should be forced to keep a strong password for login. These are my finding or loose points in JIRA 5.1 for password.

  1. Weak passwords (complexity-wise) are allowed.
  2. The minimum length of the password is less than 8.
  3. The password cannot be expired.
  4. The user is not forced to change the password during the user's first login.
  5. The password for the new user is set to default.

Any Suggestion that we can have these things in place.

Regards

Preet

Answer
Watch
Like Be the first to like this
474 views

2 answers

1 vote
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
January 21, 2013

You need to replace the code in Jira that handles passwords, in order to add functions 1, 2, and 4. Function 3 is slightly different as it's a time-based thing, but it needs coding in a slightly different place. I don't understand what the problem with 5 is - "default" passwords are a bad thing in security terms and a random or admin-defined one should always be set.

Your second option is to use external account maintenance, connecting Jira to a system that will do these things for you. This is a better option than coding in the core of Jira in my opinion.

There are other options as well (e.g. use ssl certificates and bypass passwords completely - far more secure in many ways), but they all need coding.

However, you are using OnDemand, which means you can't implement anything different. You'll need to move to your own installation to implement anything better.

View More Comments
Edson Sossai
Edson Sossai February 13, 2013

Hi Nic,

I have a hosted installation of Jira and have the same issue. How can i change the code like you mentioned on the first paragraph to allow minimun numbers of charaters on the users password?

I just want to make all passwords minimum 8 characters and using at least one number.

Thanks

ES

Like
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
February 13, 2013

I'm sorry, I don't know exactly where it is, I've never needed to look for it. I suspect you need to look in the "crowd embedded" stuff, but it might be easier to start from the "changepassword.jsp" and trace it from there.

Like
Reply
0 votes
Michael Knight
Michael Knight
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
January 22, 2013

This is not currently possible in OnDemand. We have a feature request logged for it here:

Feel free to keep an eye on that issue for developments.

Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events