As an administrator I can enforce the minimum passphrase complexity in my organization settings

Q1. What is the problem that you are trying to solve?
When a user creates their passphrase, the only requirement is a length of 8 or more characters, but they can still use a passphrase like ‘12345678’. There is a warning saying it is weak, but it can be ignored by the user.

Q2 - Who is impacted?
Everybody.

Q3 - Why is it important and/or urgent?
The passphrase is the weakest point of security in the system, and as an admin I can't control how complex/weak it is.

Q4 - What is your proposed solution? (optional)
Allow, by config file for example, a way to enable some complexity rules that will be mandatory when creating the passphrase. Just use the same rules as the complexity warning to enforce what the sysadmin wants.

Q5. Community support
People can vote for this idea to show traction:

  • :ok_woman: Must have: this is critical for me to have this
  • :raising_hand_woman: Should have: this is important for me to have this
  • :tipping_hand_woman: Could have: this could be nice to have
  • :no_good_woman: Won’t have: we should not schedule this (explain why)
0 voters
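One way to turn an advisory "weak passphrase" hint into an enforced policy, shown here as an added example that is not Passbolt's own code. The policy keys (`minLength`, `minEntropyBits`, `requiredClasses`, `denyList`), the thresholds and the charset-based entropy estimate are assumptions for illustration, not Passbolt configuration options; the sample passphrases are constructed.

```javascript
// Added example (not Passbolt's code): a configurable passphrase policy that
// turns the advisory "weak passphrase" hint into a hard rejection.
// The policy keys below are hypothetical; they are not Passbolt config options.

const CHARACTER_CLASSES = {
  lower: /[a-z]/,
  upper: /[A-Z]/,
  digit: /[0-9]/,
  symbol: /[^A-Za-z0-9]/,
};

// Character-pool sizes used for the crude entropy estimate below.
const POOL_SIZES = { lower: 26, upper: 26, digit: 10, symbol: 33 };

// Crude strength-meter estimate: length * log2(size of the character pool
// the passphrase draws from). It overestimates dictionary words and
// keyboard patterns, so it is combined with pattern checks, not used alone.
function estimateEntropyBits(passphrase) {
  let pool = 0;
  for (const [name, re] of Object.entries(CHARACTER_CLASSES)) {
    if (re.test(passphrase)) pool += POOL_SIZES[name];
  }
  return pool === 0 ? 0 : passphrase.length * Math.log2(pool);
}

// True for monotone runs such as "12345678", "abcdefgh" or "87654321":
// every adjacent pair of code points differs by the same +1 or -1 step.
function isSequential(passphrase) {
  const codes = Array.from(passphrase, (c) => c.codePointAt(0));
  if (codes.length < 4) return false;
  const step = codes[1] - codes[0];
  if (Math.abs(step) !== 1) return false;
  return codes.every((code, i) => i === 0 || code - codes[i - 1] === step);
}

// True for a single repeated character such as "aaaaaaaa".
function isRepeated(passphrase) {
  return passphrase.length >= 4 && /^(.)\1+$/u.test(passphrase);
}

// Hypothetical policy an administrator could ship in a config file.
const DEFAULT_POLICY = {
  minLength: 8,
  minEntropyBits: 40,
  requiredClasses: ['lower', 'digit'],
  denyList: ['password', 'passbolt'],
};

// Evaluate a candidate passphrase against the policy. Returns every failed
// rule rather than only the first, so the UI can tell the user what to fix.
function checkPassphrase(passphrase, policy = DEFAULT_POLICY) {
  const failures = [];
  if (passphrase.length < policy.minLength) {
    failures.push(`shorter than ${policy.minLength} characters`);
  }
  for (const cls of policy.requiredClasses) {
    if (!CHARACTER_CLASSES[cls].test(passphrase)) failures.push(`missing ${cls} character`);
  }
  const lowered = passphrase.toLowerCase();
  for (const word of policy.denyList) {
    if (lowered.includes(word)) failures.push(`contains denied word "${word}"`);
  }
  if (isSequential(passphrase)) failures.push('is a sequential run of characters');
  if (isRepeated(passphrase)) failures.push('is a single repeated character');
  const entropyBits = estimateEntropyBits(passphrase);
  if (entropyBits < policy.minEntropyBits) {
    failures.push(`estimated ${entropyBits.toFixed(1)} bits, policy requires ${policy.minEntropyBits}`);
  }
  return { accepted: failures.length === 0, entropyBits, failures };
}

// Constructed sample inputs: the weak example from the request and a strong one.
for (const candidate of ['12345678', 'correct-horse-battery-staple-7']) {
  const result = checkPassphrase(candidate);
  console.log(candidate, result.accepted ? 'accepted' : `rejected: ${result.failures.join('; ')}`);
}
```

The point of the structure is that the same rule set drives both the warning and the rejection: the advisory meter and the enforced policy share one `checkPassphrase`, so an administrator tightening `DEFAULT_POLICY` changes what the user sees and what the server accepts at the same time, and ‘12345678’ is rejected on three independent grounds (no lowercase letter, sequential run, too little estimated entropy).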

@AlexG thanks for the well written entry!

Has there been any progress or further discussion about this? I think it is a rather nice feature.

Feature released with v4.3.0 Pro and cloud editions.

For more information, check out the documentation page User Passphrase Policies | Passbolt documentation.