User Settings and Passwords

Here I'll share my efforts to make user registration, login/logout and password-handling a little more user-friendly as well as more secure. And apart from making sure the associated forms are XHTML-compliant, I'm also making them accessible according to the WAI guidelines.

Password length

Currently the system only enforces a minimum password length of 5 characters. That's generally not considered a very secure password, so my first action was to make this minimum length Admin-configurable.

  1. edit wikka.config.php and add the following line:
    "user_min_password" => "5",    // default minimum password length
  1. edit actions/usersettings.php and replace every occurrence of
    < 5
    < $this->config["user_min_password"]

Now minimum password length is Admin-configurable and will be enforced in UserSettings for registration and login. (Make sure any existing passwords are of sufficient length first!) A good minimum is 8 characters but this patch maintains the current default of 5 in Wikka.

Um, I'm not one to speak from experience, but isn't the whole concept of a wiki supposed to render security irrelevent? Additionally, the wiki format (instead of a forum), is that editing a page is for non-registered users should be as easy and quick as possible. If anything, the default should be lower than 5 (like 2 characters). I appreciate the ability to configure the min_length, but does this have any ramfications on /setup files? Like in the case of upgrading? -- Sam

No, I don't think the concept of a Wiki is to make security irrelevant - just to make a community effort to maintain pages/information on the Web (or an intranet) easy. But many Wikis (including this one!) have been configured to require a user to have an account and be logged in to be able to edit any page.
The idea behind more secure passwords is not to make the Wiki more secure, but to make those accounts more secure - so someone else may not "take over" an account and then impersonate someone. And let's not forget that most Wikis also have a Wiki Master and one or more users with Admin rights - should anyone be able to easily take over those accounts? I think not (at that point security of user-supplied email addresses also becomes relevant).

Of course, if you think 2 characters is sufficient for your Wiki, my patch (applied once) allows you to configure just that instead of replacing a constant in 10 locations or so (I didn't count). I just go in the other direction. ;-)

Upgrading is a good point though: I don't know how upgrading is implemented (yet) - I've only looked at a current installation and new setups so far. I'll look into that; I've only just started with Wikka... Thanks!
-- JavaWoman

Strengthened password rules on existing site

On an existing site where the password minimum length is increased the following situation can occur:
A user logs in with a valid (existing) password, but the rules have changed and it's now too short. The system should then enforce choosing a new password (of sufficient length).

I have this implemented now on my local machine. No single patch - part of my complete overhaul of the login/registration fucntionality. Will post completed code later...
-- JavaWoman

Thanks for your work on this JW :) Looking forward to seeing this "prompt" for a new password. Just my two cents here: from a user standpoint, it's easier to work with a single password for a single site. That is, this prompt seems excessive. If a user chooses a 2 letter password (when it was okay to do so), then she probably doesn't care about security. Whereas if it was to be secure, you'd choose something dramatic. Additionally, on a social side, it's cool to have a unique password. I have a 5 character password for one of my Hotmail accounts whereas you need 6 characters when signing for a new account. Cool! -- Sam

OK, Sam, you have a point about it being more use-friendly if a once-accepted password can remain the same. I could make it (WikiAdmin-)configurable; that way you could have a once-valid password remain valid (but still apply new rules when the user wants to change the password), and have that the default behavior; or the WikiAdmin could choose to enforce the new rules and have a prompt for a new password on login. How does that sound?
[One thing though: many people actually have no idea about password security or what makes a password secure. I've overheard people telling each other how to choose this weird thing called a password .... not that they didn't care - they just had no idea! :) Then again, probably WikiUsers are a little wiser!]
-- JavaWoman

There are 4 comments on this page. [Show comments]
Valid XHTML :: Valid CSS: :: Powered by WikkaWiki